Nmap Development mailing list archives

Re: nping notes


From: Djalal Harouni <tixxdz () opendz org>
Date: Sun, 15 Apr 2012 14:03:30 +0100

Hi,

Thanks for sending this, I'll add a note to complaint (2).

On Sat, Apr 14, 2012 at 09:36:09PM -0700, dan farmer wrote:
[...]
> 2)    Different and almost invisible but important behavior based on
> intangibles is a really, really bad idea.  Yes, Nmap does this too, and I've
> already griped to Fyodor about it long ago (see what good it did there!)
> But to have nping do one thing when you're root and a very different thing
> as a normal user in the most common option of them all is guaranteed to
> confound and garner negativity.  I'm talking about the simple:
>
> $ nping example.com
>
> Vs. the very different:
>
> # nping example.com
>
> The difference here, if not clear, is the prompt; the euid of the user,
> whether priv'd or not (actually I think sometimes it's euid, and other times
> permissions on the dev).  I'll talk about this more later.  But suffice it
> to say that invisibly toggling behavior and changing output based on euid
> (or w/e is used) is not a very friendly thing to do, and certainly against
> the unix tradition (shaking my cane!)  I had no idea why it was doing tcp
> pings by default ... then found out as root it did icmp by default.  I'd much
> rather get an error as an unpriv'd user.  FWIW, IMHO, etc.

There is the new ICMP ECHO with sockets on Linux [1] which can be used by
unprivileged/privileged users.

> (FWIW/FYI, on some linux systems, you can do "# cp /bin/ping /tmp/tmp-ping;
> setcap 'cap_net_raw=+ep' /tmp/tmp-ping" and /tmp/tmp-ping will work like
> normal ping, even w/o SUID bit.)

I agree, and IMO root should drop to capabilities by default if they are
supported.

If cap_net_raw is there then Nmap also must use it; this way we also protect
all this code (Nping, Nmap/NSE scripts and libraries, ...) from any abuse.


[1] http://thread.gmane.org/gmane.linux.kernel/1139863

-- 
tixxdz
http://opendz.org
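The two points raised in the thread (the Linux ICMP echo socket that works without privileges, and deciding on CAP_NET_RAW rather than on euid) can be put together in a few lines. The program below is an added example written for this page; it is not nping or Nmap code. It assumes Linux: that /proc/self/status carries the effective capability mask in the CapEff line, that CAP_NET_RAW is capability bit 13 (as in linux/capability.h), and that SOCK_DGRAM/IPPROTO_ICMP "ping sockets" are admitted by the net.ipv4.ping_group_range sysctl rather than by any capability. It tries the unprivileged socket first, uses a raw socket only when the process really holds CAP_NET_RAW, and otherwise errors out instead of quietly switching to another protocol.

```c
/* Added example, not nping/Nmap code: choose an ICMP echo transport from
 * what the process can actually do, and fail loudly otherwise, instead of
 * silently switching protocols on euid.
 * Assumes Linux: /proc/self/status exposes CapEff, CAP_NET_RAW is bit 13,
 * and SOCK_DGRAM/IPPROTO_ICMP "ping sockets" are gated by the
 * net.ipv4.ping_group_range sysctl rather than by any capability. */
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define CAP_NET_RAW_BIT 13   /* value of CAP_NET_RAW in linux/capability.h */

enum icmp_mode { MODE_NONE = 0, MODE_DGRAM, MODE_RAW };

/* CapEff appears in /proc/<pid>/status as a hex capability mask. Returns 1
 * if CAP_NET_RAW is set, 0 if it is clear or the string is not hex. */
int capeff_has_net_raw(const char *hex)
{
    char *end;
    unsigned long long mask = strtoull(hex, &end, 16);
    if (end == hex)
        return 0;
    return (int)((mask >> CAP_NET_RAW_BIT) & 1ULL);
}

/* Effective capabilities of the running process; 0 on any read error.
 * This, not euid, is what decides raw-socket access: a setcap'd binary and
 * a root process that dropped its caps are both reported correctly. */
int proc_has_net_raw(void)
{
    char line[256];
    int has = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return 0;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            has = capeff_has_net_raw(line + 7);
            break;
        }
    }
    fclose(f);
    return has;
}

/* Try the unprivileged ping socket first (open to any user whose gid is in
 * ping_group_range), then a raw socket only if CAP_NET_RAW is really held.
 * Returns the fd, or -1 with *mode == MODE_NONE. */
int open_icmp_echo_socket(enum icmp_mode *mode)
{
    int fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
    if (fd >= 0) {
        *mode = MODE_DGRAM;
        return fd;
    }
    if (proc_has_net_raw()) {
        fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
        if (fd >= 0) {
            *mode = MODE_RAW;
            return fd;
        }
    }
    *mode = MODE_NONE;
    return -1;
}

int main(void)
{
    enum icmp_mode mode;
    int fd = open_icmp_echo_socket(&mode);

    /* euid and CAP_NET_RAW are different things: a setcap'd copy of this
     * binary has the capability with euid != 0, and root that dropped caps
     * has euid 0 without it. Report both so the user can see why. */
    printf("euid=%u cap_net_raw=%d\n", (unsigned)geteuid(), proc_has_net_raw());
    if (fd < 0) {
        fprintf(stderr, "ICMP echo not available: no CAP_NET_RAW and ping "
                "sockets disabled (net.ipv4.ping_group_range); refusing to "
                "fall back to TCP silently\n");
        return 1;
    }
    printf("ICMP echo would use %s socket\n",
           mode == MODE_RAW ? "raw (CAP_NET_RAW)" : "unprivileged datagram");
    close(fd);
    return 0;
}
```

Running it three ways shows the difference Dan describes: as a plain user with ping_group_range unset it exits with the error; as root it reports euid=0 and the raw socket; and as a plain user after "setcap 'cap_net_raw=+ep'" on a copy of the binary it reports a non-zero euid but cap_net_raw=1 and still gets the raw socket, which is why the decision has to be made on the capability and not on the prompt.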
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

