mailing list archives
Re: nmap issue
From: David Fifield <david () bamsoftware com>
Date: Fri, 16 May 2008 22:14:59 -0600
On Fri, May 16, 2008 at 02:52:36PM -0700, Fyodor wrote:
Here is one idea for potentially fixing this:
1) We can compile Nmap with a "manifest" embedded with the
requestedExecutionLevel set to 'highestAvailable' so that UAC
confirmation will be requested at startup if the user is an admin.
2) We need to then test if the user has proper admin privileges. If
so, we go forward as normal. If not, we set o.isr00t to 0 just as
we would do if run with --unprivileged. Maybe we should print a
warning in this case (at least in verbose mode) because Nmap really
is crippled in this situation.
It would be cool to have a general intelligent check for admin
privileges. Then the same mechanism could check for read/write of
/dev/bpf* devices and enforce --send-eth if necessary on BSDs.
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org