Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: nping notes
From: Djalal Harouni <tixxdz () opendz org>
Date: Sun, 15 Apr 2012 14:03:30 +0100

Hi,

Thanks for sending this, I'll add a note to complaint (2)

On Sat, Apr 14, 2012 at 09:36:09PM -0700, dan farmer wrote:
[...]
2)    Different and almost invisible but important behavior based on
intangibles is a really, really bad idea.  Yes, Nmap does this too, and I¹ve
already griped to Fyodor about it long ago (see what good it did there!)
But to have nping do one thing when you¹re root and a very different thing
as a normal user in the most common option of them all is guaranteed to
confound and garner negativity.  I¹m talking about the simple:

 
$ nping example.com
 
Vs. the very different:
 
# nping example.com
 
The difference here, if not clear, is the prompt; the euid of the user,
whether priv¹d or not (actually I think sometimes it¹s euid, and othertimes
permissions on the dev).  I¹ll talk about this more later.  But suffice it
to say that invisibly toggling behavior and changing output based on euid
(or w/e is used) is not a very friendly thing to do, and certainly against
the unix tradition (shaking my cane!)  I had no idea why it was doing tcp
pings by default Š then found out as root it did icmp by default.  I'd much
There is the new ICMP ECHO with sockets on Linux [1] which can be used for
unprivileged/privileged users.

rather get an error as an upriv'd user.  FWIW, IMHO, etc. (FWIW/FYI, on some
linux systems, you can do ³# cp /bin/ping /tmp/tmp-ping; setcap
'cap_net_raw=+ep' /tmp/tmp-ping² and /tmp/tmp-ping will work like normal
ping, even w/o SUID bit.)
I agree, and IMO root should drop to capabilities by default if they are
supported.

If cap_net_raw is there then Nmap also must use it, this way we also protect
all this code Nping,Nmap/NSE (scripts and libraries) ... from any abuse.


[1] http://thread.gmane.org/gmane.linux.kernel/1139863

-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
  • nping notes dan farmer (Apr 15)
    • Re: nping notes Djalal Harouni (Apr 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault