Nmap Development mailing list archives

Re: [NMAP::Patch] Add support for check Linux capabilities privileges


From: Leonardo Amaral <leleobhz () leleobhz org>
Date: Sun, 13 Dec 2009 21:11:08 -0200



David Fifield wrote:
> On Tue, Dec 01, 2009 at 09:41:37AM -0200, Leonardo Amaral wrote:
>> Hello List! (It's more or less the same as the mail I've sent to Fyodor)
>>
>> As an inspired guy with insomnia (4:15 a.m. here :p), I've created a
>> patch to support capabilities. It worked very well, but this patch
>> should be revised so it doesn't have problems with security. I think
>> that, with the kernel knowing the app's capabilities, it allows the
>> operation automatically. I've defined these as the required capabilities:
>>
>> CAP_NET_ADMIN
>>          Perform various network-related operations (e.g.,
>>          setting privileged socket options, enabling multicasting,
>>          interface configuration, modifying routing tables).
>>
>> CAP_NET_BROADCAST
>>          (Unused)  Make socket broadcasts, and listen to multicasts.
>>
>> CAP_NET_RAW
>>          Use RAW and PACKET sockets.
>>
>> I'm sending the patch attached to version 5.10BETA1.
>
> Hi. This is a nice idea. If I understand correctly, this would allow
> nmap to be installed not setuid, with only a few capabilities set, so
> that non-root users could run privileged scans.

Right!

> It would be good for
> security to run Nmap as a normal user, so that any security exploits
> wouldn't have access to everything root has access to, only some network and
> packet-sending privileges.

No more suid/sgid/sudo/su/whatever :]

> We could encourage distributors to install it
> that way, perhaps with execution limited to an nmap group or something.
>
> For this patch to be included, it will have to compile on all the
> platforms Nmap compiles on now. That will mean checking for capabilities
> support in configure.ac, and then conditionally compiling the parts that
> use capabilities.

This is a Linux-specific implementation, and this is the reason to only compile this support on Linux, detecting it in the configure script.

> What do you mean when you say the patch should be revised not to have
> problems with security?

I'm a sysadmin who loves programming, but I'm not yet a hardcore programmer and I don't know the implementation issues around security (things like gets() and fgets() usage concerning overflows). I'm afraid I forgot something or used some function that is not recommended. Nothing about the security of capabilities (if it's insecure, it's a Linux kernel problem, which makes me think that if capabilities per se are a problem, the Linux kernel will have bigger security problems to solve than this; and anyway, capabilities came to fix suid for every application with a specific usage, like nmap).

> David Fifield

P.S.: Sorry about my very, very bad English writing :]
P.S. 2: Sorry for the HTML mail. New mail client here.

--
Leonardo Amaral - Linux System Administrator
LPI ID: LPI000106747 Level 2 certified (Verifier hgwxf77vau)
Tel: +55 31 8542-7467 / +55 31 4062-7411


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
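
The privilege check discussed in this thread, as an added example that is not the patch attached to the original mail and not Nmap's own code: rather than testing for root, it reads the process's effective capability set from the `CapEff` field of `/proc/self/status` and reports which of the three capabilities named above are missing. The function names and the fail-closed behaviour are assumptions made for the illustration; the bit numbers are the ones in `<linux/capability.h>`.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers as defined in <linux/capability.h>. */
#define BIT_NET_BROADCAST 11
#define BIT_NET_ADMIN     12
#define BIT_NET_RAW       13
#define REQUIRED_CAPS ((1ULL << BIT_NET_BROADCAST) | \
                       (1ULL << BIT_NET_ADMIN) | (1ULL << BIT_NET_RAW))

/* Find the line-anchored "CapEff:" field in /proc/<pid>/status text.
 * Returns 0 and stores the mask, or -1 if the field is absent or empty. */
int parse_capeff(const char *status, uint64_t *eff)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            p += 7;
            p += strspn(p, " \t");
            if (!isxdigit((unsigned char)*p))
                return -1;          /* empty field: do not read the next line */
            *eff = strtoull(p, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');
        if (p)
            p++;
    }
    return -1;
}

/* Required capabilities that are NOT in the effective set (0 = all present).
 * Fails closed: unparsable input reports every capability as missing. */
uint64_t missing_caps(const char *status)
{
    uint64_t eff;
    if (parse_capeff(status, &eff) != 0)
        return REQUIRED_CAPS;
    return REQUIRED_CAPS & ~eff;
}

int main(void)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f)
        fclose(f);
    buf[n] = '\0';
    printf("missing capability mask: 0x%llx\n",
           (unsigned long long)missing_caps(buf));
    return 0;
}
```

A mask of 0 means all three capabilities are effective; a binary granted only `CAP_NET_RAW` would report 0x1800.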

