Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Running NMAP as a non root user - patch
From: Fyodor <fyodor () insecure org>
Date: Mon, 16 May 2005 11:54:22 -0700

On Mon, May 16, 2005 at 12:51:47PM +0300, Uri Gilad wrote:
    using the linux kernel capabilities (
http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt),
and the following patch for nmap it is possible to run nmap as a
non-root user granting it only raw network capabilities. 

Good point.  I have modified Nmap as follows for the next version:

  Added new --privileged command-line option and NMAP_PRIVILEGED
  environmental variable.  Either of these tell Nmap to assume that
  the user has full privileges to execute raw packet scans, OS
  detection and the like.  This can be useful when Linux kernel
  capabilities or other systems are used that allow non-root users to
  perform raw packet or ethernet frame manipulation.  Without this
  flag or variable set, Nmap bails on UNIX if geteuid() is nonzero.

Cheers,
Fyodor


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]