Nmap Development mailing list archives

Re: [Patch] Automatically switch to privileged when Nmap has required capabilities


From: nnposter () users sourceforge net
Date: Wed, 13 Aug 2014 16:08:25 +0000

Daniel Miller wrote: 
This is not a good idea, because these capabilities are protecting
privileged operations that admins may not want to grant to regular users.
Specifically, being able to sniff network traffic, possibly being permitted
to manage network interfaces, etc. On the other hand, we could ship a
simple script to do this, or create a new make target, "make setcap" or
something, to make it easier for people to do it on their own.

In agreement with Dan, I like the Ubuntu approach for Wireshark:
Dumpcap is installed as a regular binary and the system admin then has
the option to use dpkg-reconfigure to set the relevant capabilities.
(The Ubuntu package for nmap does not offer anything in this respect.)

For internal use I manage a Debian package for nmap, imitating the
Ubuntu approach to Wireshark. I will be happy to post the corresponding
post-install/post-remove scripts if anybody is interested.


Cheers,
nnposter
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
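
The opt-in approach discussed in this message, sketched as a maintainer-style script. This is an added example, not nnposter's packaging scripts and not Nmap project code; the binary path, the group name "nmap" and the capability set are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not nnposter's packaging scripts. Opt-in capability grant
# in the style of Ubuntu's dumpcap setup: only members of one group may
# execute the capability-bearing binary.
# Assumptions: path, group name and capability set are illustrative.
NMAP_BIN="${NMAP_BIN:-/usr/bin/nmap}"
NMAP_GROUP="${NMAP_GROUP:-nmap}"
NMAP_CAPS="cap_net_raw,cap_net_admin,cap_net_bind_service"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = execute them

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# postinst side. Order matters: chown clears file capabilities, so
# setcap has to be the last step.
enable_caps() {
    run groupadd -f -r "$NMAP_GROUP" &&
    run chown "root:$NMAP_GROUP" "$NMAP_BIN" &&
    run chmod 0750 "$NMAP_BIN" &&
    run setcap "${NMAP_CAPS}+eip" "$NMAP_BIN"
}

# postrm side: drop the capabilities and restore default ownership and mode.
disable_caps() {
    run setcap -r "$NMAP_BIN" || true   # nothing to remove is fine
    run chown root:root "$NMAP_BIN" &&
    run chmod 0755 "$NMAP_BIN"
}

# True when "other" can execute the file, i.e. the grant would reach
# every local user rather than only the chosen group.
world_executable() {
    [ -n "$(find "$1" -prune -perm -0001 2>/dev/null)" ]
}

case "${1:-}" in
    enable)  enable_caps ;;
    disable) disable_caps ;;
    check)
        if world_executable "$NMAP_BIN"; then
            echo "WARNING: $NMAP_BIN is executable by all users" >&2
            exit 1
        fi ;;
esac
```

With DRY_RUN left at 1 the script only prints its plan, so an admin can review the commands before running it as root with DRY_RUN=0. Group members still have to start Nmap with --privileged (or NMAP_PRIVILEGED set) for it to use the granted capabilities.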