PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-16 11:29:02 +00:00
Code Issues Projects Releases Wiki Activity

Moved the setuid check from main.cc to nmap.cc after option parsing so that I can use error() and have it write to output file with --log-errors, etc. I did receive a complaint that the setuid warning isn't converted to script kiddie mode when -oS is enabled. If we decide that we want script kiddify error messages, we'll have to add that support to error()

Browse Source
This commit is contained in:
fyodor
2012-06-02 18:08:39 +00:00
parent 2637fa19f4
commit 4402144394
2 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
main.cc
View File

@@ -132,20 +132,6 @@ extern NmapOps o; /* option structure */
extern void set_program_name(const char *name);
#ifdef WIN32
static void check_setugid(void) {
}
#else
/* Show a warning when running setuid or setgid, as this allows code execution
(for example NSE scripts) as the owner/group. */
static void check_setugid(void) {
if (getuid() != geteuid())
log_write(LOG_PLAIN, "WARNING: Running Nmap setuid, as you are doing, is a major security risk.\n");
if (getgid() != getegid())
log_write(LOG_PLAIN, "WARNING: Running Nmap setgid, as you are doing, is a major security risk.\n");
}
#endif
int main(int argc, char *argv[]) {
/* The "real" main is nmap_main(). This function hijacks control at the
beginning to do the following:
@@ -162,9 +148,6 @@ int main(int argc, char *argv[]) {
set_program_name(argv[0]);
/* Warn if setuid/setgid. */
check_setugid();
#ifdef __amigaos__
if(!OpenLibs()) {
error("Couldn't open TCP/IP Stack Library(s)!");

17
nmap.cc
View File

@@ -351,6 +351,20 @@ printf("%s %s ( %s )\n"
exit(rc);
}
#ifdef WIN32
static void check_setugid(void) {
}
#else
/* Show a warning when running setuid or setgid, as this allows code execution
(for example NSE scripts) as the owner/group. */
static void check_setugid(void) {
if (getuid() != geteuid())
error("WARNING: Running Nmap setuid, as you are doing, is a major security risk.\n");
if (getgid() != getegid())
error("WARNING: Running Nmap setgid, as you are doing, is a major security risk.\n");
}
#endif
static void insert_port_into_merge_list(unsigned short *mlist,
int *merged_port_count,
unsigned short p) {
@@ -1454,6 +1468,9 @@ void apply_delayed_options() {
o.sendpref = PACKET_SEND_ETH_STRONG;
}
/* Warn if setuid/setgid. */
check_setugid();
/* By now, we've got our port lists. Give the user a warning if no
* ports are specified for the type of scan being requested. Other things
* (such as OS ident scan) might break cause no ports were specified, but