Nmap Development mailing list archives

Re: [NMAP::Patch] Add support for check Linux capabilities privileges


From: David Fifield <david () bamsoftware com>
Date: Sat, 12 Dec 2009 22:04:13 -0700

On Tue, Dec 01, 2009 at 09:41:37AM -0200, Leonardo Amaral wrote:
> Hello List! (It's more or less the same as the mail I've sent to Fyodor.)
> 
> I'm an inspired guy with insomnia (4:15 a.m. here :p), so I've created a
> patch to support capabilities. It worked very well, but this patch
> should be revised so it doesn't have problems with security. I think that
> with the kernel knowing the app's capabilities, it allows the operation
> automatically. I've defined as required capabilities these:
> 
> CAP_NET_ADMIN
>         Perform various network-related operations (e.g., setting
>         privileged socket options, enabling multicasting, interface
>         configuration, modifying routing tables).
> 
> CAP_NET_BROADCAST
>         (Unused) Make socket broadcasts, and listen to multicasts.
> 
> CAP_NET_RAW
>         Use RAW and PACKET sockets.
> 
> I'm sending the patch attached, against version 5.10BETA1.

Hi. This is a nice idea. If I understand correctly, this would allow
Nmap to be installed not setuid, with only a few capabilities set, so
that non-root users could run privileged scans. It would be good for
security to run Nmap as a normal user, so that any security exploits
wouldn't have access to everything root has access to, only some network
and packet-sending privileges. We could encourage distributors to install
it that way, perhaps with execution limited to an nmap group or something.

For this patch to be included, it will have to compile on all the
platforms Nmap compiles on now. That will mean checking for capabilities
support in configure.ac, and then conditionally compiling the parts that
use capabilities.

What do you mean when you say the patch should be revised not to have
problems with security?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
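An added example of the runtime side of what the thread discusses (this is not Leonardo's patch and not Nmap code): a Linux-only check of whether the current process already holds CAP_NET_ADMIN and CAP_NET_RAW in its effective set, read from the CapEff line of /proc/self/status rather than through libcap, so it builds with no extra library. The bit numbers are the kernel's values from linux/capability.h, hard-coded here as an assumption; the function names are this example's own. CAP_NET_BROADCAST, which the original mail lists but capabilities(7) marks unused, is deliberately left out of the required mask. A distributor granting file capabilities instead of setuid root would do so with something like `setcap cap_net_raw,cap_net_admin+ep /usr/local/bin/nmap`, then restrict execution with group ownership and mode bits; this check is what the binary would run afterwards instead of `getuid() == 0`.

```c
/* Added example, not part of the original thread or of Nmap.
 * Check the effective capability set by parsing /proc/self/status.
 * Capability bit numbers are assumed from <linux/capability.h>. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <errno.h>

#define EX_CAP_NET_BROADCAST 11   /* listed in the mail, unused by the kernel */
#define EX_CAP_NET_ADMIN     12
#define EX_CAP_NET_RAW       13

/* Bits that raw-packet scanning needs; CAP_NET_BROADCAST is not required. */
#define REQUIRED_MASK ((1ULL << EX_CAP_NET_ADMIN) | (1ULL << EX_CAP_NET_RAW))

/* Parse the hex value of a "CapEff:\t0000000000003000" style line.
 * Returns 0 and stores the mask on success, -1 on malformed input. */
int parse_cap_line(const char *line, uint64_t *mask)
{
    const char *p = strchr(line, ':');
    if (!p) return -1;
    p++;
    while (*p == ' ' || *p == '\t') p++;
    if (*p == '\0') return -1;
    char *end;
    errno = 0;
    unsigned long long v = strtoull(p, &end, 16);
    if (errno != 0 || end == p) return -1;
    /* only trailing whitespace or newline may follow the number */
    while (*end == ' ' || *end == '\t' || *end == '\n' || *end == '\r') end++;
    if (*end != '\0') return -1;
    *mask = (uint64_t)v;
    return 0;
}

/* True if every bit in `required` is set in `effective`. */
int have_caps(uint64_t effective, uint64_t required)
{
    return (effective & required) == required;
}

/* Find the CapEff line in a status-file buffer (the text of /proc/self/status).
 * Returns 0 and stores the mask, or -1 if the line is missing or malformed. */
int cap_eff_from_status(const char *status_text, uint64_t *mask)
{
    const char *line = status_text;
    while (line && *line) {
        const char *nl = strchr(line, '\n');
        if (strncmp(line, "CapEff:", 7) == 0) {
            size_t len = nl ? (size_t)(nl - line) : strlen(line);
            char buf[128];
            if (len >= sizeof buf) return -1;
            memcpy(buf, line, len);
            buf[len] = '\0';
            return parse_cap_line(buf, mask);
        }
        line = nl ? nl + 1 : NULL;
    }
    return -1;
}

/* Read the real /proc/self/status; 1 if CAP_NET_ADMIN and CAP_NET_RAW are held. */
int process_has_required_caps(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 0;
    char text[8192];
    size_t n = fread(text, 1, sizeof text - 1, f);
    fclose(f);
    text[n] = '\0';
    uint64_t eff;
    if (cap_eff_from_status(text, &eff) != 0) return 0;
    return have_caps(eff, REQUIRED_MASK);
}

int main(void)
{
    /* Constructed sample: CapEff holding only bits 12 and 13 (0x3000). */
    const char *sample =
        "Name:\tnmap\nCapInh:\t0000000000000000\nCapEff:\t0000000000003000\n";
    uint64_t eff;
    if (cap_eff_from_status(sample, &eff) == 0)
        printf("sample CapEff=%#llx, required caps present: %s\n",
               (unsigned long long)eff,
               have_caps(eff, REQUIRED_MASK) ? "yes" : "no");
    printf("this process holds CAP_NET_ADMIN+CAP_NET_RAW: %s\n",
           process_has_required_caps() ? "yes" : "no");
    return 0;
}
```

Parsing the mask from a caller-supplied buffer keeps the decision logic testable without actually holding capabilities; the process-level wrapper is the one a non-setuid binary would consult before opening a raw socket, and it fails closed when /proc is unavailable.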