in reply to Capturing the output of nmap from within a Perl script

First, I'm not really sure what nmap is. That's probably not too important.

Second, I'm not sure what a root-only binary is doing in /usr/bin. It should be in /usr/sbin. So that's a bit odd.

Finally, you want sudo. It provides the ability to allow a user (e.g., "wwwrun" or "apache" or whatever your server drops privileges to) to become another user (e.g., 'root') to run specific programs (e.g., "/usr/bin/nmap"), optionally (well, mandatory for you) without providing a password.

my $output = `sudo /usr/bin/nmap -sU -p 2300,6500 $ENV{'REMOTE_ADDR'}`;

Note that setting the suid bit is not enough unless the program is written to take advantage of the bit.

Update: Not sure what I'm on. I still prefer sudo to set-uid.
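
An added example, not part of the original post: the same sudo call made without a shell, with the address checked before it reaches nmap and with the exit status tested. The sudoers line, the /usr/bin/sudo path and the helper names valid_ipv4 and udp_scan are assumptions; "wwwrun" is the example user named in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed sudoers entry (edit with visudo):
#   wwwrun ALL=(root) NOPASSWD: /usr/bin/nmap
# That rule permits any nmap arguments as root, so this script is the
# only place where the arguments are constrained.

# Fixed command line; -n makes sudo fail instead of prompting for a
# password when the sudoers rule is missing.
my @NMAP = ('/usr/bin/sudo', '-n', '/usr/bin/nmap', '-sU', '-p', '2300,6500');

# Accept only a dotted-quad IPv4 literal (the command above has no -6).
sub valid_ipv4 {
    my ($addr) = @_;
    return 0 unless defined $addr;
    my @octets = $addr =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return 0;
    return (grep { $_ > 255 } @octets) ? 0 : 1;
}

# Run the scan and return nmap's standard output as one string.
sub udp_scan {
    my ($addr) = @_;
    die "refusing to scan: not an IPv4 address\n" unless valid_ipv4($addr);

    # List-form pipe open: the arguments go straight to exec(), so no
    # shell ever parses the address.
    open(my $nmap, '-|', @NMAP, $addr) or die "cannot start sudo: $!\n";
    my $output = do { local $/; <$nmap> };

    # close() on a pipe returns false when the child exited non-zero,
    # for example when sudo refused to run the command.
    close($nmap) or die "sudo/nmap failed, exit status " . ($? >> 8) . "\n";
    return $output;
}

print udp_scan($ENV{REMOTE_ADDR}) if exists $ENV{REMOTE_ADDR};
```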

Re^2: Capturing the output of nmap from within a Perl script
by mrborisguy (Hermit) on Aug 09, 2005 at 01:10 UTC

    nmap is in /usr/bin because there are things that the user is allowed to do with nmap, and it is a user-runnable program. However, if you want to do some of the advanced things, one of which that I can think of is sending a SYN packet, listening for a SYN/ACK, and then not sending the ACK packet back (somehow it tricks some OS's / services so that they don't log that they were nmap'ed), then you need root privileges. I think almost all of the -s options require root privileges. The point being, though, that the user can do a limited number of things with nmap.

        -Bryan

Re^2: Capturing the output of nmap from within a Perl script
by Anonymous Monk on Aug 08, 2005 at 23:59 UTC

    I agree that sudo is probably a better solution, but why do you say that the setuid bit is not enough? If the EUID of a process is zero, then that process will bypass permission checks, which should allow it to function exactly as if root had run it. Unless the program is perversely written to explicitly check its RUID and implements its own permissions based on that, there shouldn't be a problem.

Re^2: Capturing the output of nmap from within a Perl script
by spiritway (Vicar) on Aug 09, 2005 at 01:05 UTC

    You made a good point - what's it doing in /usr/bin? But on my box, that's where nmap lives.

    I believe the answer is that nmap isn't root-only. It can be run by ordinary mortals, although some functionality is unavailable to them.