Nmap Development mailing list archives

[Patch] Automatically switch to privileged when Nmap has required capabilities


From: Jay Bosamiya <jaybosamiya () gmail com>
Date: Wed, 13 Aug 2014 16:52:27 +0530

Hi All!

Until now, even if Nmap had capabilities (CAP_NET_RAW, CAP_NET_ADMIN,
CAP_NET_BIND_SERVICE), it would not be able to use them unless
--privileged was specified.
The attached patch lets Nmap automatically switch to privileged if it
has all the above capabilities.

The patch requires the libcap library but we don't need to ship it with
Nmap since it is a pretty common library.

While I was working on this feature, I got a couple of ideas for follow-ups:

  * If the executable itself has been granted the capabilities (using
    `sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip nmap`)
    and if Nmap is run as root, then tell the user that root is
    unnecessary, drop privileges and switch to the user "nobody/nogroup".
    This seems to be having some problems, however, when
    implementing. The moment the user is dropped to nobody/nogroup, the
    capabilities too are unusable. I am still looking into this.
  * When installing Nmap through "make install", we can grant the
    capabilities (by default) so that users can use privileged features
    without the security risk of running as root.
  * If the user specifies --unprivileged, drop the user to
    "nobody/nogroup" whenever possible so that it is more secure.


What do you think about the ideas?

Feedback (for patch and/or ideas) is appreciated, as always :)

Note: When reviewing the patch, you can ignore the changes to the
configure script since it is automatically generated using autoconf.

Cheers,
Jay

Attachment: capabilities.patch

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
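
The check described in the message above (switch to privileged only when CAP_NET_RAW, CAP_NET_ADMIN and CAP_NET_BIND_SERVICE are all held), as an added example that is not part of the original post or of the attached patch. The message says the patch uses libcap; this sketch instead reads the effective mask from `/proc/self/status` so it has no library dependency, and the function names are hypothetical.

```c
/* Added example (not Nmap's code): derive "privileged" from the effective
 * capability mask in /proc/self/status. Linux only; names are hypothetical. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>: NET_BIND_SERVICE=10, NET_ADMIN=12, NET_RAW=13. */
#define REQUIRED_CAPS ((UINT64_C(1) << 10) | (UINT64_C(1) << 12) | (UINT64_C(1) << 13))

/* Find the "CapEff:" line in status text and parse its hex mask. 0 = ok, -1 = missing or malformed. */
int parse_capeff(const char *status, uint64_t *mask)
{
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            const char *p = line + 7;
            p += strspn(p, " \t");
            if (!isxdigit((unsigned char)*p)) return -1;
            *mask = strtoull(p, NULL, 16);
            return 0;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

/* All three capabilities must be effective; a partial set stays unprivileged. */
int caps_imply_privileged(uint64_t capeff)
{
    return (capeff & REQUIRED_CAPS) == REQUIRED_CAPS;
}

/* Check the running process: 1 = privileged, 0 = not, -1 = could not tell. */
int self_is_privileged(void)
{
    char buf[4096];
    uint64_t mask;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    if (parse_capeff(buf, &mask) != 0) return -1;
    return caps_imply_privileged(mask);
}

int main(void) { printf("privileged: %d\n", self_is_privileged()); return 0; }
```

A binary granted only some of the three capabilities is treated as unprivileged, and an unreadable or malformed status file yields -1 so the caller can fall back to the unprivileged path.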
