Nmap Development mailing list archives

[patch] Nmap on Solaris 10


From: Todd Carson <tc () jc dsl telerama com>
Date: Wed, 20 Oct 2004 19:56:54 -0400

I wrote a tentative patch against Nmap 3.75 which makes it aware of
Solaris 10's new fine-grained privilege model. It replaces the various
'geteuid() == 0' checks with checks to see if certain privileges are in
effect.

So with this patch on Solaris 10 you can perform advanced scans with
Nmap as a non-root user as long as the system is configured to allow
your account to run Nmap with the privileges it needs (net_rawaccess and
net_icmpaccess according to my cursory testing).

It's really only a difference of a few lines in two different files (for
nmap and nmapfe), and it has many limitations. For one thing, I don't
know enough about autoconf to add a check for the privilege support
there, so to compile it privilege-aware one would need to add
'-DSOLARIS_PRIVILEGES' to the CPPFLAGS environment variable when
configuring (or put it in the makefile).

It would also be nice if it would check for only the privileges it needs
for the scan type being requested (net_rawaccess is probably needed for
everything except the connect() scan; net_icmpaccess may not be
necessary if you use the -P0 option, but I'm not sure). I may update it
to do this in the future.

The patch is attached and can also be had at:
http://www.pitt.edu/~toc1/nmap-solaris.diff.gz

Also, to get nmap 3.75 to build on my system, I had to comment out a
section of the autoconf script (and rerun autoconf) as follows:

--- configure.ac.old    Wed Oct 20 19:48:55 2004
+++ configure.ac        Wed Oct 20 19:48:39 2004
@@ -42,10 +42,10 @@
  if test -n "$GXX"; then
       CXXFLAGS="$CXXFLAGS -Wall "
  fi
-AC_CHECK_PROG(CXXPROG, "$CXX", "AVAILABLE", "MISSING")
-if test $CXXPROG = "MISSING"; then
-  AC_MSG_ERROR([Could not locate a C++ compiler. If it exists, add it
   to your PATH or give configure the CXX=path_to_compiler argument.
Otherwise, install a C++ compiler such as g++ or install a binary
package of Nmap (see http://www.insecure.org/nmap/nmap_download.html
))])
-fi
+#AC_CHECK_PROG(CXXPROG, "$CXX", "AVAILABLE", "MISSING")
+#if test $CXXPROG = "MISSING"; then
+#  AC_MSG_ERROR([Could not locate a C++ compiler. If it exists, add it
to your PATH or give configure the CXX=path_to_compiler argument.
Otherwise, install a C++ compiler such as g++ or install a binary
package of Nmap (see http://www.insecure.org/nmap/nmap_download.html
))])
+#fi
 
 dnl AC_PROG_INSTALL
 dnl AC_PATH_PROG(MAKEDEPEND, makedepend)
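
Review bot: In the added lines only the first line of the wrapped AC_MSG_ERROR call carries a `#`; the continuation lines ("to your PATH or give configure ...", "Otherwise, install ...", "package of Nmap ...", "))])") have neither a `+` marker nor a `#`, so applied as shown they would stay live in configure.ac with unbalanced brackets. Comment out every line of the block, preferably with `dnl` as the surrounding context lines already do, so that none of it reaches the generated script. Disabling the check also means configure no longer stops when no C++ compiler is found, so a short comment above the disabled block saying why it is off and on which platform would help the next reader.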

This is because the test program generated by the configure script is
not including stdlib.h, which is needed for exit().
This is quite possibly specific to my system and compilers, which are:

Solaris 10 b63 (SPARC)
GCC 3.4.2, with ProPolice patch
GCC 3.3.4, standard (both failed)

I don't know enough about autoconf to fix it properly, so I just
commented out the check. This change isn't included in my patch; I'm
just mentioning it in case someone else runs into it.

 -- Todd Carson
tc () telerama com

Attachment: nmap-solaris.diff.gz
Description:
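
The per-scan-type check the message describes as a possible future improvement, as an added example (not code from the attached patch or from Nmap). The names `scan_kind`, `held_privs`, `needed_privs` and `missing_privs` are hypothetical, and the mapping of scan types to privileges is an assumption that follows the post's own tentative guess.

```c
#include <stdio.h>
#include <unistd.h>
#ifdef SOLARIS_PRIVILEGES            /* build flag named in the post */
#include <priv.h>                    /* priv_ineffect() */
#endif

#define P_RAW  0x1u                  /* net_rawaccess  */
#define P_ICMP 0x2u                  /* net_icmpaccess */

enum scan_kind { SCAN_CONNECT, SCAN_RAW };  /* hypothetical, not Nmap's types */

/* Privileges currently in effect for this process. */
unsigned held_privs(void) {
#ifdef SOLARIS_PRIVILEGES
    unsigned held = 0;
    if (priv_ineffect("net_rawaccess"))  held |= P_RAW;
    if (priv_ineffect("net_icmpaccess")) held |= P_ICMP;
    return held;
#else
    /* No fine-grained model: root holds everything, others nothing. */
    return geteuid() == 0 ? (P_RAW | P_ICMP) : 0;
#endif
}

/* Privileges a scan needs. Assumed mapping, following the post's guess:
 * raw access for everything except connect(), ICMP access only when a
 * raw scan also pings (that is, -P0 was not given). */
unsigned needed_privs(enum scan_kind kind, int skip_ping) {
    if (kind == SCAN_CONNECT) return 0;
    return skip_ping ? P_RAW : (P_RAW | P_ICMP);
}

/* Bitmask of privileges the scan needs but the process lacks (0 = go). */
unsigned missing_privs(enum scan_kind kind, int skip_ping, unsigned held) {
    return needed_privs(kind, skip_ping) & ~held;
}

int main(void) {
    unsigned m = missing_privs(SCAN_RAW, 0, held_privs());
    if (m & P_RAW)  fprintf(stderr, "missing net_rawaccess\n");
    if (m & P_ICMP) fprintf(stderr, "missing net_icmpaccess\n");
    return m ? 1 : 0;
}
```

Reporting the missing privilege by name, instead of a generic "requires root" message, tells the administrator exactly which privilege to grant to the account.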

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org
