On Mon, May 16, 2005 at 12:51:47PM +0300, Uri Gilad wrote:
> using the linux kernel capabilities (
> http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt),
> and the following patch for nmap it is possible to run nmap as a
> non-root user granting it only raw network capabilities.
Good point. I have modified Nmap as follows for the next version:
Added new --privileged command-line option and NMAP_PRIVILEGED
environmental variable. Either of these tell Nmap to assume that
the user has full privileges to execute raw packet scans, OS
detection and the like. This can be useful when Linux kernel
capabilities or other systems are used that allow non-root users to
perform raw packet or ethernet frame manipulation. Without this
flag or variable set, Nmap bails on UNIX if geteuid() is nonzero.
Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on May 16 2005
Intro
