Nmap Development mailing list archives
Re: Patch to make Zenmap respect NMAP_PRIVILEGED environment variable
From: Fyodor <fyodor () nmap org>
Date: Mon, 28 Jan 2013 13:58:44 -0800
On Wed, Jan 23, 2013 at 6:51 AM, Tyler J. Wagner <tyler () tolaris com> wrote:
> Everyone, I have configured nmap for unprivileged users:
Nice. I was going to suggest that maybe you could document the process on SecWiki.org, but now I see that you documented it in a handy blog post:

http://www.tolaris.com/2013/01/24/running-nmap-as-an-unprivileged-user/

You might want to add a prominent warning of the security risks of doing this. If you let any user run Nmap with these extra capabilities, they could use NSE scripts (for example) to sniff the network, change firewall rules and interface configuration, and anything else the capabilities allow. A clever person could probably escalate to full root privileges without too much trouble. Maybe you could mention this right before the suggestion of restricting Nmap to a certain group so that users may better understand the consequences of ignoring that advice.

You could also edit the section about the Zenmap warning to note that your patch was applied and so future versions of Nmap (and current svn) won't have that problem.

Cheers,
Fyodor
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- Patch to make Zenmap respect NMAP_PRIVILEGED environment variable Tyler J. Wagner (Jan 23)
- Re: Patch to make Zenmap respect NMAP_PRIVILEGED environment variable David Fifield (Jan 23)
- Re: Patch to make Zenmap respect NMAP_PRIVILEGED environment variable Tyler J. Wagner (Jan 24)
- Re: Patch to make Zenmap respect NMAP_PRIVILEGED environment variable Tyler J. Wagner (Jan 24)
- Re: Patch to make Zenmap respect NMAP_PRIVILEGED environment variable David Fifield (Jan 24)
- Re: Patch to make Zenmap respect NMAP_PRIVILEGED environment variable Tyler J. Wagner (Jan 24)
- Re: Patch to make Zenmap respect NMAP_PRIVILEGED environment variable David Fifield (Jan 23)
- Re: Patch to make Zenmap respect NMAP_PRIVILEGED environment variable Fyodor (Jan 28)
- Re: Patch to make Zenmap respect NMAP_PRIVILEGED environment variable Tyler J. Wagner (Jan 28)
- Secwiki.org Tyler J. Wagner (Jan 28)
- Re: Secwiki.org David Fifield (Jan 28)
- Re: Patch to make Zenmap respect NMAP_PRIVILEGED environment variable Tyler J. Wagner (Jan 28)