ELF>o^@x@8 @@@@11@@@i%i%ppp,@,@hȻ00Std00PtdddQtdRtd``/lib/ld-musl-x86_64.so.1 GNUPCPRUemڡ]9 k/z&i+&,<CxBJ [cb z QI\W9 H7,hK _qB| 3"@Y aeputcharchrootstrcpywaitpidexecveprctlperror__cxa_finalizestrtoul__stack_chk_failcalloc__deregister_frame_infochdir_ITM_registerTMCloneTablesetgidstrncmpfork_ITM_deregisterTMCloneTablestrcmpsprintf__errno_locationexitstrlen__register_frame_infocap_drop_boundcap_new_launchercap_iab_to_textcap_set_modecap_get_secbitscap_get_ambientcap_iab_get_proccap_mode_namecap_set_flag_finicap_set_proccap_setgroupscap_free_initcap_from_textcap_clear_flagcap_get_boundcap_max_bitscap_iab_set_proccap_set_ambientcap_get_modecap_from_namecap_reset_ambientcap_to_textcap_dupcap_to_namecap_get_flagcap_setuidcap_get_proccap_launchcap_iab_from_textcap_set_secbitsgeteuidstderrfprintfstrdupgetgroupsmallocgetgidgetpwnamgetenvstrerroraccesssleepgetgrouplistgetgrgidsysconfgetgrnam_rfputsstrtoullstrcasestrstrtokkillgetpwuid__libc_start_maingetuidlibcap.so.2libc.musl-x86_64.so.1 0(08@@H PX`hpxP`@  @` (0p8P@0HPX`ӈ;p݉&Fey؊ (?p08M@pHP֋X`h*pbxrތ6k~*\b0ώ8P1Xiptx!X, =(l08Ǒ@H`(hZrZ͒Ic֓@HGPdX`h֔px=aǕە"Mޖ ; p(0ԗ8 @?HmPXƘ`hpxHdsԙQz#/Uyț 6(A0w8@HPX`KhpѝZ7nОC T(0@۟`hFpxʠ%Wc¡ ;ʠT (0ݢ8@P?Xsգ4j?px?pKx $(a08 @?pHɦPX>`phpx"Cw-e ȩ(03@cHPҪX ?uӫ/K`Ŭ ,0`8PQ&)S7NTpx      (08@HPX`h p!x"#$%'(*+,-./012345689 :(;0<8=@>H?P@XA`BhCpDxEFGHIJKLMOP%X5J%L@%Jh%Bh%:h%2h%*h%"h%h%hp% h`%h P%h @%h 0%h %h %ڌh%Ҍh%ʌh%Œh%h%h%h%h%h%hp%h`%hP%zh@%rh0%jh %bh%Zh%Rh%Jh %Bh!%:h"%2h#%*h$%"h%%h&%h'p% h(`%h)P%h*@%h+0%h, %h-%ڋh.%ҋh/%ʋh0%‹h1%h2%h3%h4%h5%h6%h7p%h8`%h9P%zh:@%rh;0%jh< %bh=%Zh>%Rh?%Jh@%BhA%:hB%2hC%*hD%"hE%hF%hGp% hH`%hIP%hJ@%f%f%f%f%fAWAVAUATUSH^H|$0H4$HT$(dH%(H$1H,D$HD$D$D$ D$L$ 9L$0H3H=,B|$ uAxHHu H=,Z8ctH=,p1HH+H=,H>HIHuH=C*V,|$E1rHH=o*IDxzMtL}t H=J,DMtLYt H=S,끅t0DH=)H5d,HH1HRAzLLHHHuH5لH=)HLt$XH59N IHtyLL&tLH5)4MtL|$XMtLD$ rT$ tL$XLH5+ 1sLL HH=+uBHt$XH} }y HH n|$XAHH5+H jHH=+u1 H=+ HH=+u H}  HH=o+duH} 1HH=Q+H} H5(VHAd 8PDH5(HRHH=(=uMH}H5(H| 8H5(HH={16 HH=(EEHI6IHuHH5(@ HHD$ HHuH5t{H=z( HE1Hx HD$PHD$8H5DDd$4IHtwL;d$ |DH5O( A0 v:LD$8Ht$XLLLu HD$PHuLH5.( @ 11LBD1IpLHc|$4HtH5zH= ( H HH='wLeLHHuLH5' D$XdLl$xpHL$XLL  H='aHct$X}L\t H='A}Q W8ULH=yIH5'1R HH='H} 1E1>H='L-BHH1SH5HDHHt uAA@u DHt$ Ht$ HItHH=1LDH=1L띺 HH='uTHt$XH} Qy HH B|$X HL$XH5&H H=x1 HH=&|H5x|H=QH5}|H=&Pox@H=,ALLHrHHH0 7tHuL%E1E11I11'1L=:L5@dLD$ xDL$ MLHL1H= &L-@LLIEL%@IEH= &1W@LLIE@H=&IE13@ LLIE@H=%IE11Px$@ŀLLIE@@H=%IE1ljIALCHtLH4MtIUDH=%1iljHHtHH=%1E1^Ld$x1H=W#KLdL='L-D9~6CH} H5L# H9.H5C#H=q1BHH=7#uDH}HHuHH5#HH t H=#HHH=#Bu-E1E111Ҿ&H="VHH="u6E1E1111'xEH5pH="HH="uH$H="H01 HH=#Ht$XH} t!HH5"H H=Xp1T$XyH5"H=6p1t; -} `{t$XH="9H="1L$XH="H1: HH="Aƅ19-,A HsL$#IHu H="HLHp PLHD$ #HT$ Ht EfEt DEI<$HtHIHp HH_HH=P"u yYH$H=:"H01HH$H=d+HhHtHH=Q+1D$D$ H/H=$+1`D#t8SHH=HiH=%+IHuH56nH=XLH5nH=HH6LLHH|HHHu?H5mH=^LH5H1H߾ 1ADžt:H5@HHuH=mLH5/*1HmAH_E&H1HH5LmHH7HWE1LH cH=\H=}H}H9tH&qHt H=a}H5Z}H)HH?HHHtHpHtfD=9}UH=pHATSt H=pH_lH`lH)IH}HHH9s!fDHH|AH|H9rH=8pt H=N2[A\|]fDff.@H= pt&UH5|H=NH]fATHcHpUISH/H'DHH=D9H=1WH/D1HH=I3HI4$IHt H1[]A\ATHdH%(HD$1uoH=IHt1HL$HtH=|R|$tA1LH ' LeE1HD$dH+%(tHLA\AVAUATIU1SHdH%(HD$1LH=*IIRxQމt@HH=jHHCH5HEH1HWHD$dH+%(HL[]A\A]A^}LLt$PHHHuH5iH=b1H52IHtnLLtH=\iLH5o1뷋|$tHCLDD$H H=iH5WHE1rLHD$dH+%(t'HH[]A\A]A^ATAH%H=hH1DH59A\AV1L5 2AUIHH=ATL% US1PAՅxItCHHuLH= 1#HH= L1 HM뮅u[H= ]A\A]A^[ ]A\A]A^TATUR;HuH= z'HHIHuH= YHq'HH= 1vLNXH]A\BATURHuH=n 1HHH=n IH1LXH]A\AUIATIHdH%(HD$1Hu%H=fLL1H5 v\A<$-t1HLH$:uHL$dH+ %(tHA\A]ÐHyfHt3UHSHgfHHCHHuH]f.PX %s (%d) [/proc/self/status:CapXXX: 0x%016llx] %s Capabilities not availableUnable to check CAP_EFFECTIVE CAP_SETPCAP valueclearallUnable to %s ambient capability [%s] failed to allocate names capability [%s] is unknown to libcap failed to %s ambient [%s=%u] sysconf(%d) returned a non-positive number: %ld %s set =%s%u%s%s failed to get IAB for processfailed to obtain text for IABCurrent IAB: %s failed to get process capabilitiesCurrent: %s %s: want non-negative integer, got "%s" unlockedyesno???/bin/bash--quietobtaining highest capability nameWARNING: libcap needs an update (cap=%d should have a name). --drop=unable to raise CAP_SETPCAP for BSET changesunable to lower CAP_SETPCAP post BSET changeUnable to drop bounding capability [%s] failed to drop [%s=%u] --dropped=cap[%s] not recognized by library cap[%s] raised in bounding vector --has-ambientambient set not supported--addamb=--delamb=--noambfailed to reset ambient set--inh=libcap:cap_clear_flag() internal errorFatal error concerning process capabilitiesOut of memory for inh setnone%s %s+iFatal error internalizing capabilitiesUnable to set inheritable capabilities--strict--caps=unable to interpret [%s] Unable to set capabilities [%s] --modesSupported modes:UNKNOWN %s--modefailed to set mode [%s]: %s unrecognized command [%s] Mode: %s --inmode=mismatched mode got=%s want=%s --keep=invalid --keep valueprctl(PR_SET_KEEPCAPS, %u) failed: %s --chroot=Unable to duplicate capabilitiesunable to select CAP_SET_SYS_CHROOTunable to raise CAP_SYS_CHROOTunable to lower CAP_SYS_CHROOT/Unable to chroot/chdir to [%s]--secbits=invalid --secbits valuefailed to set securebits to 0%o/0x%x --forkfor=already forked invalid --forkfor valuerequire non-zero --forkfor value unable to fork()--killit=invalid --killit signo valueno forked process to kill Unable to kill child processwaitpid didn't match child: %u != %u child terminated with odd signal (%d != %d) --uid=invalid --uid valueFailed to set uid=%u: %s --cap-uid=invalid --cap-uid valueFailed to cap_setuid(%u): %s --gid=invalid --gid valueFailed to set gid=%u: %s --groups=No memory for [%s] operation No memory for gid list Too many groups specified (%d) Failed to identify gid for group [%s] Failed to setgroups. --user=User [%s] not known Unable to get group list for userUnable to set group list for userFailed to set uid=%u(user=%s): %s --decode=0x%016llx=--supports=cap[%s=%d] not supported by kernel --printAmbientSecurebits: 0%lo/0x%lx/%u'b%s (no-new-privs=%d) secure-noroot: %s (%s) secure-no-suid-fixup: %s (%s) secure-keep-caps: %s (%s) secure-no-ambient-raise: %s (%s) uid=%u(%s) euid=%u(%s) gid=%u(%s) %s%u(%s)Guessed mode: %s (%d) --==-+=+no PATH environment variable found for re-execing insufficient memory for parts of path insufficient memory for path building %s/%sfailed to create launcherchild failed to startfailed to wait for PID=%d, result=%x: child PID=%d terminated by signo=%d child PID=%d generated result=%0x execve '%s' failed! --shell=--has-p=cap[%s] not permitted --has-i=cap[%s] not inheritable --has-a=cap[%s] not in ambient vector --has-b=cap[%s] not in bounding vector --is-uid=invalid --is-uid valueuid: got=%d, want=%d --is-gid=invalid --is-gid valuegid: got=%d, want=%d --iab=iab: '%s' malformed unable to set IAB tuple--no-new-privsunable to set no-new-privs--has-no-new-privsno-new-privs not set --license%s see License file for details. Copyright (c) 2008-11,16,19-21 Andrew G. Morgan --explain=unrecognised value '%s' negative capability (%d) invalid (%d) (%d) [/proc/self/status:CapXXX: 0x%016llx] --suggest=invalid named cap--currentusage: %s [args ...] --addamb=xxx add xxx,... capabilities to ambient set --cap-uid= use libcap cap_setuid() to change uid --caps=xxx set caps as per cap_from_text() --chroot=path chroot(2) to this path --current show current caps and IAB vectors --decode=xxx decode a hex string to a list of caps --delamb=xxx remove xxx,... capabilities from ambient --drop=xxx drop xxx,... caps from bounding set --explain=xxx explain what capability xxx permits --forkfor= fork and make child sleep for sec --gid= set gid to (hint: id ) --groups=g,... set the supplemental groups --has-a=xxx exit 1 if capability xxx not ambient --has-b=xxx exit 1 if capability xxx not dropped --has-ambient exit 1 unless ambient vector supported --has-i=xxx exit 1 if capability xxx not inheritable --has-p=xxx exit 1 if capability xxx not permitted --has-no-new-privs exit 1 if privs not limited --help, -h this message (or try 'man capsh') --iab=... use cap_iab_from_text() to set iab --inh=xxx set xxx,.. inheritable set --inmode= exit 1 if current mode is not --is-uid= exit 1 if uid != --is-gid= exit 1 if gid != --keep= set keep-capability bit to --killit= send signal(n) to child --license display license info --mode display current libcap mode --mode= set libcap mode to --modes list libcap named modes --no-new-privs set sticky process privilege limiter --noamb reset (drop) all ambient capabilities --print display capability relevant state --quiet if first argument skip max cap check --secbits= write a new value for securebits --shell=/xx/yy use /xx/yy instead of /bin/bash for -- --strict toggle --caps, --drop and --inh fixups --suggest=text search cap descriptions for text --supports=xxx exit 1 if capability xxx unsupported --uid= set uid to (hint: id ) --user= set uid,gid and groups to that of user == re-exec(capsh) with args as for -- =+ cap_launch capsh with args as for -+ -- remaining arguments are for /bin/bash -+ cap_launch /bin/bash with remaining args (without -- [%s] will simply exit(0)) --help-hunsupported mode: %s unable to find executable '%s' in PATH PATH)Allows a process to perform checkpointand restore operations. Also permitsexplicit PID control via clone3() andalso writing to ns_last_pid.Allows a process to manipulate aspects of the kernelenhanced Berkeley Packet Filter (BPF) system. This isan execution subsystem of the kernel, that manages BPFprograms. CAP_BPF permits a process to: - create all types of BPF maps - advanced verifier features: - indirect variable access - bounded loops - BPF to BPF function calls - scalar precision tracking - larger complexity limits - dead code elimination - potentially other featuresOther capabilities can be used together with CAP_BFP tofurther manipulate the BPF system: - CAP_PERFMON relaxes the verifier checks as follows: - BPF programs can use pointer-to-integer conversions - speculation attack hardening measures can be bypassed - bpf_probe_read to read arbitrary kernel memory is permitted - bpf_trace_printk to print the content of kernel memory - CAP_SYS_ADMIN permits the following: - use of bpf_probe_write_user - iteration over the system-wide loaded programs, maps, links BTFs and convert their IDs to file descriptors. - CAP_PERFMON is required to load tracing programs. - CAP_NET_ADMIN is required to load networking programs.Allows a process to enable observability of privilegedoperations related to performance. The mechanismsinclude perf_events, i915_perf and other kernelsubsystems.Allows a process to read the audit log via a multicastAllows a process to block system suspends - prevent thesystem from entering a lower power state.Allows a process to trigger something that can wake thesystem up.Allows a process to configure the kernel's syslog(printk) behavior.Allows a process to configure the Mandatory AccessControl (MAC) policy. Not all kernels are configuredwith a MAC enabled, but if they are this capability isreserved for code to perform administration tasks.Allows a process to override Manditory Access Control(MAC) access. Not all kernels are configured with a MACmechanism, but this is the capability reserved foroverriding them.Allows a process to set capabilities on files.Permits a process to uid_map the uid=0 of theparent user namespace into that of the childnamespace. Also, permits a process to overridesecurebits locks through user namespacecreation.Allows a process to configure audit logging via aunicast netlink socket.Allows a process to write to the audit log via aAllows a process to take leases on files.Allows a process to perform privileged operations withthe mknod() system call.Allows a process to manipulate tty devices: - configure tty devices - perform vhangup() of a ttyAllows a process to perform time manipulation of clocks: - alter the system clock - enable irix_stime on MIPS - set the real-time clockAllows a process to adjust resource related parametersof processes and the system: - set and override resource limits - override quota limits - override the reserved space on ext2 filesystem (this can also be achieved via CAP_FSETID) - modify the data journaling mode on ext3 filesystem, which uses journaling resources - override size restrictions on IPC message queues - configure more than 64Hz interrupts from the real-time clock - override the maximum number of consoles for console allocation - override the maximum number of keymapsAllows a process to maipulate the execution prioritiesof arbitrary processes: - those involving different UIDs - setting their CPU affinity - alter the FIFO vs. round-robin (realtime) scheduling for itself and other processes.Allows a process to initiate a reboot of the system.Allows a process to perform a somewhat arbitrarygrab-bag of privileged operations. Over time, thiscapability should weaken as specific capabilities arecreated for subsets of CAP_SYS_ADMINs functionality: - configuration of the secure attention key - administration of the random device - examination and configuration of disk quotas - setting the domainname - setting the hostname - calling bdflush() - mount() and umount(), setting up new SMB connection - some autofs root ioctls - nfsservctl - VM86_REQUEST_IRQ - to read/write pci config on alpha - irix_prctl on mips (setstacksize) - flushing all cache on m68k (sys_cacheflush) - removing semaphores - Used instead of CAP_CHOWN to "chown" IPC message queues, semaphores and shared memory - locking/unlocking of shared memory segment - turning swap on/off - forged pids on socket credentials passing - setting readahead and flushing buffers on block devices - setting geometry in floppy driver - turning DMA on/off in xd driver - administration of md devices (mostly the above, but some extra ioctls) - tuning the ide driver - access to the nvram device - administration of apm_bios, serial and bttv (TV) device - manufacturer commands in isdn CAPI support driver - reading non-standardized portions of PCI configuration space - DDI debug ioctl on sbpcd driver - setting up serial ports - sending raw qic-117 commands - enabling/disabling tagged queuing on SCSI controllers and sending arbitrary SCSI commands - setting encryption key on loopback filesystem - setting zone reclaim policyAllows a process to configure process accounting.Allows a process to perform a ptrace() of any otherAllows a process to perform a chroot syscall to changethe effective root of the process' file system:redirect to directory "/" to some other location.Allows a process to perform raw IO: - permit ioper/iopl access - permit sending USB messages to any device via /dev/bus/usbAllows a process to initiate the loading and unloadingof kernel modules. This capability can effectivelymodify kernel without limit.Allows a process to override IPC ownership checks.Allows a process to lock shared memory segments for IPCpurposes. Also enables mlock and mlockall systemcalls.Allows a process to use raw networking: - RAW sockets - PACKET sockets - binding to any address for transparent proxying (also permitted via CAP_NET_ADMIN)Allows a process to perform network configurationoperations: - interface configuration - administration of IP firewall, masquerading and accounting - setting debug options on sockets - modification of routing tables - setting arbitrary process, and process group ownership on sockets (this is also allowed via CAP_NET_RAW) - setting TOS (Type of service) - setting promiscuous mode - clearing driver statistics - multicasing - read/write of device-specific registers - activation of ATM control socketsAllows a process to broadcast to the network and tolisten to multicast.Allows a process to bind to privileged ports: - TCP/UDP sockets below 1024 - ATM VCIs below 32Allows a process to modify the S_IMMUTABLE andS_APPEND file attributes.Allows a process to freely manipulate its inheritablecapabilities.Linux supports the POSIX.1e Inheritable set, the POXIX.1e (Xvector) known in Linux as the Bounding vector, as well asthe Linux extension Ambient vector.This capability permits dropping bits from the Boundingvector (ie. raising B bits in the libcap IABrepresentation). It also permits the process to raiseAmbient vector bits that are both raised in the Permittedand Inheritable sets of the process. This capability cannotbe used to raise Permitted bits, Effective bits beyond thosealready present in the process' permitted set, orInheritable bits beyond those present in the Bounding[Historical note: prior to the advent of file capabilities(2008), this capability was suppressed by default, as itsunsuppressed behavior was not auditable: it couldasynchronously grant its own Permitted capabilities to andremove capabilities from other processes arbitrarily. Theformer leads to undefined behavior, and the latter is betterserved by the kill system call.]Allows a process to freely manipulate its own UIDs: - arbitrarily set the UID, EUID, REUID and RESUID values - allows the forging of UID credentials passed over a socketAllows a process to freely manipulate its own GIDs: - arbitrarily set the GID, EGID, REGID, RESGID values - arbitrarily set the supplementary GIDs - allows the forging of GID credentials passed over aAllows a process to send a kill(2) signal to any otherprocess - overriding the limitation that there be a[E]UID match between source and target process.Allows a process to set the S_ISUID and S_ISUID bits ofthe file permissions, even when the process' effectiveUID or GID/supplementary GIDs do not match that of theAllows a process to perform operations on files, evenwhere file owner ID should otherwise need be equal tothe UID, except where CAP_FSETID is applicable. Itdoesn't override MAC and DAC restrictions.Allows a process to override all DAC restrictionslimiting the read and search of files anddirectories. This excludes DAC access covered byAllows a process to override of all DiscretionaryAccess Control (DAC) access, including ACL executeaccess. That is read, write or execute files that theprocess would otherwise not have access to. Thisexcludes DAC access covered by CAP_LINUX_IMMUTABLE.Allows a process to arbitrarily change the user andgroup ownership of a file.;d ` PDU =dtzRx $ؑFJ w?;*3$"Dp((\BKF vABBD ETyBBB D(C0F@ 0D(A BBBE 0D(A BBBѳ7BtHBKO H(A0^ (H BBBE A(F BBB$hHrBAA cDB$YBAA JDB$ôBEG0uBB0oBBB B(A0A8K @ aeo0 p  X*0x oo&@6@F@V@f@v@@@@@@@@@AA&A6AFAVAfAvAAAAAAAAABB&B6BFBVBfBvBBBBBBBBBCC&C6CFCVCfCvCCCCCCCCCDD&D6DFDVDfDvDDDDDD0@ P`@ @` pP0ӈ;p݉&Fey؊?pMp֋*brތ6k~*\bώ1it!X,=lǑ(ZrZ͒Ic֓Gd֔=aǕە"Mޖ ;pԗ ?mƘHdsԙQz#/Uyț6AwKѝZ7nОCT۟Fxʠ%Wc¡ ;ʠTݢ?sգ4j?px?pKx$a ?pɦ>p"Cw-eȩ3cҪ ?uӫ/K`Ŭ,`GCC: (Alpine 10.3.1_git20210921) 10.3.1 20210921GCC: (Alpine 10.3.1_git20211027) 10.3.1 20211027.shstrtab.interp.note.gnu.property.gnu.hash.dynsym.dynstr.rela.dyn.rela.plt.init.plt.got.text.fini.rodata.eh_frame_hdr.eh_frame.ctors.dtors.data.rel.ro.dynamic.data.bss.comment 0&o00<0 pp8 @00xJB**T@@ O@@ZDD(cEEa iaeaeopp=wdȻ^XXH `H 0Hb