Nmap Development mailing list archives

Re: [Patch] Automatically switch to privileged when Nmap has required capabilities


From: Jay Bosamiya <jaybosamiya () gmail com>
Date: Sun, 17 Aug 2014 19:01:45 +0530

On Wednesday 13 August 2014 09:45 PM, Patrick Donnelly wrote:
> I agree with Dan here. Of particular concern is the ability of a user
> to run arbitrary NSE scripts that can sniff network traffic and create
> packets with malicious headers. I do very much like the idea of Nmap
> downgrading privileges when run as root, keeping only the capabilities
> that it needs.

List,

Taking into account all the discussion that happened on this topic, I've
modified the original patch (a lot!). Attached is the new patch.

Here's a summary of the changes:

  * If capabilities exist for the nmap executable file, then use them
  * If --unprivileged is used, then drop privileges (and also drop
    capabilities)
  * If run as root, then drop privileges without losing the capabilities
    that it needs
  * The user to drop to is currently fixed to "nobody" but the code has
    been written in such a way that it will be trivial to add a CLI
    option to choose the user to drop to (just have to do a `o.drop_user
    = strdup(optarg);`). I have currently not added such a CLI option
    because of being unsure of the security implications of this.
  * Two new make targets
      o "make setcap" grants capabilities to the nmap executable in the
        same directory
      o "make setcap-install" grants capabilities to nmap executable in
        the installation path

Feedback is welcome as always :)

Cheers,
Jay

Attachment: capabilities_with_drop_privileges.patch

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
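
Added example, not code from the attached patch or from Nmap: one way on Linux to drop from root to "nobody" while keeping only selected capabilities, as the summary in the message describes. The capability set (CAP_NET_RAW, CAP_NET_ADMIN, CAP_NET_BIND_SERVICE) and the function names are assumptions; the post does not list them.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>
#include <linux/capability.h>

/* Assumed capability set for raw-socket scanning; the post does not list it. */
static const int KEEP_CAPS[] = { CAP_NET_RAW, CAP_NET_ADMIN, CAP_NET_BIND_SERVICE };

/* Build the low 32-bit capability mask (all three caps are numbered below 32). */
uint32_t keep_mask(void) {
    uint32_t m = 0;
    for (size_t i = 0; i < sizeof KEEP_CAPS / sizeof KEEP_CAPS[0]; i++)
        m |= 1u << KEEP_CAPS[i];
    return m;
}

/* Returns 1 if not root (nothing to drop), 0 on success, -1 on failure. */
int drop_root_keep_caps(const char *user) {
    if (geteuid() != 0) return 1;
    struct passwd *pw = getpwnam(user);
    if (!pw) return -1;
    /* Without this flag the UID change below clears the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) != 0) return -1;
    /* Order matters: supplementary groups, then gid, then uid. */
    if (setgroups(0, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
        setuid(pw->pw_uid) != 0) return -1;
    /* The UID change emptied the effective set: re-raise only what is
       needed and shrink the permitted set to the same mask. */
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = {{0}};
    data[0].effective = data[0].permitted = keep_mask();
    if (syscall(SYS_capset, &hdr, data) != 0) return -1;
    /* Fail closed if root can still be regained. */
    if (setuid(0) == 0) return -1;
    return 0;
}

int main(void) {
    int rc = drop_root_keep_caps("nobody");
    printf("rc=%d uid=%d mask=0x%x\n", rc, (int)getuid(), keep_mask());
    return rc < 0;
}
```

Run as root, the final CapEff and CapPrm values in /proc/self/status should both equal the printed mask; in a container whose root lacks one of the assumed capabilities, the capset call fails and the function returns -1.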
