Nmap Development mailing list archives
Re: The difficulty of running Nmap with privileges on Mac OS X
From: bensonk () acm wwu edu
Date: Sat, 17 May 2008 22:17:34 -0700
> 3. Use Authorization Services to run just the Nmap commands as root. The user would authenticate once per session. This is really the ideal solution, because it limits the amount of code that runs privileged, and Zenmap runs as a real user, with files in their own home directory. Unfortunately, the function AuthorizationExecuteWithPrivileges doesn't give us much information about the child process, not even a PID. This means that we can't kill the Nmap process when a scan tab is closed. However, this may not be such a huge limitation.

I like this option by far the best. I think that shipping setuid binaries is a bad idea, generally speaking, and I think that not killing the nmap process when a tab is closed is better than shipping a setuid binary.

What about some wrapper script that's not setuid, but that you execute with AuthorizationExecuteWithPrivileges? It could exec nmap and output the pid to stdout or something. Just a thought.

Benson
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
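
The wrapper idea from the reply above, as an added example that is not code from the thread or from the Nmap project: the wrapper prints its PID and then execs a fixed target, and the caller reads that PID from the pipe. Here `sh` stands in for the AuthorizationExecuteWithPrivileges launch and `sleep` for nmap; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. sh stands in for the
# privileged launcher and `sleep` for nmap; all names are hypothetical.

# Absolute path resolved once and baked into the wrapper, so a process
# running as root never does a PATH lookup at launch time.
TARGET="$(command -v sleep)"

# Write the wrapper: print our own PID, then exec the fixed target.
# exec replaces the shell in place, so the PID printed is the target's PID.
make_wrapper() {
    cat > "$1" <<EOF
#!/bin/sh
echo "\$\$"
exec "$TARGET" "\$@"
EOF
    chmod 755 "$1"
}

# Launch the wrapper with its stdout on a pipe (the only channel the caller
# has to the child) and take the first line as the PID.
# Sets SCAN_PID; fails if that line is not a plain number.
start_scan() {
    wrapper="$1"; shift
    dir="$(mktemp -d)" || return 1
    mkfifo "$dir/out" || return 1
    sh "$wrapper" "$@" > "$dir/out" &
    read -r SCAN_PID < "$dir/out"
    rm -rf "$dir"
    case "$SCAN_PID" in
        ''|*[!0-9]*) SCAN_PID=''; return 1 ;;
    esac
}

# Closing a scan tab: signal the recorded PID and reap it.
stop_scan() {
    kill "$1" 2>/dev/null || return 1
    wait "$1" 2>/dev/null || true
}

# Demo run with a constructed 30-second "scan".
demo_wrapper="$(mktemp)"
make_wrapper "$demo_wrapper"
start_scan "$demo_wrapper" 30 && echo "scan running as PID $SCAN_PID"
stop_scan "$SCAN_PID" && echo "scan stopped"
rm -f "$demo_wrapper"
```

When the child really runs as root, an unprivileged caller's `kill` fails with a permission error, so the stop request would also have to go through the privileged launcher. The wrapper file itself must not be writable by ordinary users, since whatever it contains runs as root.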