From 4402144394bcd3d0e2d50433b72a79528e0e8a16 Mon Sep 17 00:00:00 2001
From: fyodor
Date: Sat, 2 Jun 2012 18:08:39 +0000
Subject: [PATCH] Moved the setuid check from main.cc to nmap.cc after option parsing so that I can use error() and have it write to output file with --log-errors, etc. I did receive a complaint that the setuid warning isn't converted to script kiddie mode when -oS is enabled. If we decide that we want script kiddify error messages, we'll have to add that support to error()
---
 main.cc | 17 -----------------
 nmap.cc | 17 +++++++++++++++++
 2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/main.cc b/main.cc
index 6703a9520..08a1b0278 100644
--- a/main.cc
+++ b/main.cc
@@ -132,20 +132,6 @@ extern NmapOps o; /* option structure */
 extern void set_program_name(const char *name);
-#ifdef WIN32
-static void check_setugid(void) {
-}
-#else
-/* Show a warning when running setuid or setgid, as this allows code execution
- (for example NSE scripts) as the owner/group. */
-static void check_setugid(void) {
- if (getuid() != geteuid())
- log_write(LOG_PLAIN, "WARNING: Running Nmap setuid, as you are doing, is a major security risk.\n");
- if (getgid() != getegid())
- log_write(LOG_PLAIN, "WARNING: Running Nmap setgid, as you are doing, is a major security risk.\n");
-}
-#endif
-
 int main(int argc, char *argv[]) {
 /* The "real" main is nmap_main(). This function hijacks control at the beginning to do the following:
@@ -162,9 +148,6 @@ int main(int argc, char *argv[]) {
 set_program_name(argv[0]);
- /* Warn if setuid/setgid. */
- check_setugid();
-
 #ifdef __amigaos__
 if(!OpenLibs()) {
 error("Couldn't open TCP/IP Stack Library(s)!");
diff --git a/nmap.cc b/nmap.cc
index f3c3bf15b..886d65139 100644
--- a/nmap.cc
+++ b/nmap.cc
@@ -351,6 +351,20 @@ printf("%s %s ( %s )\n"
 exit(rc);
 }
+#ifdef WIN32
+static void check_setugid(void) {
+}
+#else
+/* Show a warning when running setuid or setgid, as this allows code execution
+ (for example NSE scripts) as the owner/group. */
+static void check_setugid(void) {
+ if (getuid() != geteuid())
+ error("WARNING: Running Nmap setuid, as you are doing, is a major security risk.\n");
+ if (getgid() != getegid())
+ error("WARNING: Running Nmap setgid, as you are doing, is a major security risk.\n");
+}
+#endif
+
 static void insert_port_into_merge_list(unsigned short *mlist,
 int *merged_port_count,
 unsigned short p) {
@@ -1454,6 +1468,9 @@ void apply_delayed_options() {
 o.sendpref = PACKET_SEND_ETH_STRONG;
 }
+ /* Warn if setuid/setgid. */
+ check_setugid();
+
 /* By now, we've got our port lists. Give the user a warning if no
 * ports are specified for the type of scan being requested. Other things
 * (such as OS ident scan) might break cause no ports were specified, but
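Review bot: Both `error()` calls in the new `check_setugid()` keep the trailing `\n` that the old `log_write(LOG_PLAIN, ...)` strings carried. The `error("Couldn't open TCP/IP Stack Library(s)!")` call visible in main.cc passes no newline, which suggests `error()` ends the line itself, so these warnings would probably print an extra blank line on the terminal and in any --log-errors output. If that is how `error()` behaves, drop the newline from both messages, e.g. `error("WARNING: Running Nmap setuid, as you are doing, is a major security risk.");`. The block comment could also say that the check only compares real and effective IDs, so the reader knows which kinds of elevated execution it reports.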
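Review bot: The comment on the new `check_setugid()` call in `apply_delayed_options()` does not record why the check sits here rather than at the top of main(), and the move changes when the warning can appear. Everything that runs before this point (option parsing and, presumably, whatever it opens or loads) has already executed with the elevated IDs, and a run that exits before `apply_delayed_options()` would never print the warning. I would state that at the call site, e.g. `/* Warn if setuid/setgid. Done after option parsing so error() honours --log-errors; runs that exit earlier never see this warning. */`. The function's body starts and ends outside the hunk, so whether it can be reached more than once per run (repeating the warning) cannot be judged from here.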