Nmap Development mailing list archives

Re: Running NMAP as a non root user - patch


From: Fyodor <fyodor () insecure org>
Date: Mon, 16 May 2005 19:47:49 -0700

On Mon, May 16, 2005 at 10:48:00PM +0200, Felix Gröbert wrote:
> A setuid nmap executable is a bad idea. So do not chmod +s it if your
> friend wants to test his firewall rules from your box:

I agree.  And the man page makes this crystal clear in 2 places:

  "nmap should be run as root whenever possible (not setuid root, of
   course)."

  "Nmap  should never be installed with special privileges (eg suid
   root) for security reasons."

> A nice backdoor... --interactive isn't in the man page, maybe for a
> reason

It's not a backdoor, since people have to install Nmap in a
non-default way in direct violation of repeated security warnings in
the man page in order to be "vulnerable".  And as others have noted on
this thread, interactive mode is only one of many huge security risks
of running Nmap setuid.

Interactive mode isn't in the man page, though here is the text from
the release announcement when it was added more than 5 years ago:

 "[2.3BETA12] contains some cool new features. One is interactive
  mode, which gives you an interactive Nmap prompt and allows you
  easily launch multiple scans (either synchronously or in the
  background). This is useful for people who scan from multi-user
  systems -- they often want to test their security without letting
  everyone else on the system knowing exactly what systems they are
  scanning. Use --interactive to activate this mode and then type 'h'
  for help."
    --http://seclists.org/lists/nmap-hackers/2000/Jan-Mar/0000.html

I've added a short note about --interactive to the man page for the
next Nmap.  But it is a relatively useless option that I may
eventually remove.  Your normal shell is probably much more
convenient.

Cheers,
-F
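The thread's point is that Nmap must never carry setuid (or setgid) bits. As an added example that is not part of the original message, here is a small POSIX sh check an administrator can run after installation to confirm no special privilege bits are set; the function names and the reliance on `ls -ld` output format are my assumptions.

```shell
# Added example (not from the nmap-dev thread): audit a binary for
# special privilege bits. Assumes a POSIX sh with ls and cut available.
# Return codes: 0 = no setuid/setgid bit, 1 = a bit is set, 2 = no such file.
check_no_special_privs() {
    path="$1"
    [ -e "$path" ] || { echo "no such file: $path"; return 2; }
    # First field of `ls -ld` is the mode string, e.g. -rwsr-xr-x
    mode=$(ls -ld "$path" | cut -c1-10)
    # Character 4 is the owner-execute slot: 's' or 'S' means setuid.
    case "$(printf '%s' "$mode" | cut -c4)" in
        s|S) echo "setuid bit set on $path ($mode)"; return 1 ;;
    esac
    # Character 7 is the group-execute slot: 's' or 'S' means setgid.
    case "$(printf '%s' "$mode" | cut -c7)" in
        s|S) echo "setgid bit set on $path ($mode)"; return 1 ;;
    esac
    echo "ok: no special privilege bits on $path ($mode)"
    return 0
}

# Convenience wrapper: find the nmap binary on PATH and audit it.
audit_nmap() {
    nmap_path=$(command -v nmap 2>/dev/null) || {
        echo "nmap not found on PATH"; return 2
    }
    check_no_special_privs "$nmap_path"
}
```

Run `audit_nmap` after installing; a non-zero exit code means the install deviates from the man page's guidance and the bit should be cleared with `chmod u-s,g-s`.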


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

