Репозитории ALT
Группа :: Мониторинг
Пакет: nmap
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: nmap-4.20-alt-owl-drop-priv.patch
Скачать
Скачать
diff -urpN nmap-4.20-autoheader/MACLookup.cc nmap-4.20/MACLookup.cc
--- nmap-4.20-autoheader/MACLookup.cc 2006-11-06 02:14:45 +0000
+++ nmap-4.20/MACLookup.cc 2007-10-07 10:06:30 +0000
@@ -105,6 +105,7 @@
#include "MACLookup.h"
#include "nmap.h"
#include "nmap_error.h"
+#include "droppriv.h"
struct MAC_entry {
int prefix; /* -1 means none set */
@@ -128,7 +129,7 @@ static inline int MACTableHash(int prefi
return prefix % table_capacity;
}
-static void mac_prefix_init() {
+void mac_prefix_init() {
static int initialized = 0;
if (initialized) return;
initialized = 1;
diff -urpN nmap-4.20-autoheader/Makefile.in nmap-4.20/Makefile.in
--- nmap-4.20-autoheader/Makefile.in 2006-12-08 02:53:47 +0000
+++ nmap-4.20/Makefile.in 2007-10-07 09:34:54 +0000
@@ -48,11 +48,11 @@ TARGET = nmap
TARGETNMAPFE=@TARGETNMAPFE@
INSTALLNMAPFE=@INSTALLNMAPFE@
-export SRCS = main.cc nmap.cc targets.cc tcpip.cc nmap_error.cc utils.cc idle_scan.cc osscan.cc osscan2.cc output.cc scan_engine.cc timing.cc charpool.cc services.cc protocols.cc nmap_rpc.cc portlist.cc NmapOps.cc TargetGroup.cc Target.cc FingerPrintResults.cc service_scan.cc NmapOutputTable.cc MACLookup.cc nmap_tty.cc nmap_dns.cc @COMPAT_SRCS@
+export SRCS = main.cc nmap.cc targets.cc tcpip.cc nmap_error.cc utils.cc idle_scan.cc osscan.cc osscan2.cc output.cc scan_engine.cc timing.cc charpool.cc services.cc protocols.cc nmap_rpc.cc portlist.cc NmapOps.cc TargetGroup.cc Target.cc FingerPrintResults.cc service_scan.cc NmapOutputTable.cc MACLookup.cc nmap_tty.cc nmap_dns.cc droppriv.cc @COMPAT_SRCS@
-export HDRS = charpool.h FingerPrintResults.h global_structures.h idle_scan.h MACLookup.h nmap_amigaos.h nmap_dns.h nmap_error.h nmap.h NmapOps.h NmapOutputTable.h nmap_rpc.h nmap_tty.h nmap_winconfig.h osscan.h osscan2.h output.h portlist.h protocols.h scan_engine.h service_scan.h services.h TargetGroup.h Target.h targets.h tcpip.h timing.h utils.h
+export HDRS = charpool.h FingerPrintResults.h global_structures.h idle_scan.h MACLookup.h nmap_amigaos.h nmap_dns.h nmap_error.h nmap.h NmapOps.h NmapOutputTable.h nmap_rpc.h nmap_tty.h nmap_winconfig.h osscan.h osscan2.h output.h portlist.h protocols.h scan_engine.h service_scan.h services.h TargetGroup.h Target.h targets.h tcpip.h timing.h utils.h droppriv.h
-OBJS = main.o nmap.o targets.o tcpip.o nmap_error.o utils.o idle_scan.o osscan.o osscan2.o output.o scan_engine.o timing.o charpool.o services.o protocols.o nmap_rpc.o portlist.o NmapOps.o TargetGroup.o Target.o FingerPrintResults.o service_scan.o NmapOutputTable.o MACLookup.o nmap_tty.o nmap_dns.o @COMPAT_OBJS@
+OBJS = main.o nmap.o targets.o tcpip.o nmap_error.o utils.o idle_scan.o osscan.o osscan2.o output.o scan_engine.o timing.o charpool.o services.o protocols.o nmap_rpc.o portlist.o NmapOps.o TargetGroup.o Target.o FingerPrintResults.o service_scan.o NmapOutputTable.o MACLookup.o nmap_tty.o nmap_dns.o droppriv.o @COMPAT_OBJS@
# %.o : %.cc -- nope this is a GNU extension
.cc.o:
diff -urpN nmap-4.20-autoheader/configure.ac nmap-4.20/configure.ac
--- nmap-4.20-autoheader/configure.ac 2007-10-07 09:35:33 +0000
+++ nmap-4.20/configure.ac 2007-10-07 09:36:25 +0000
@@ -666,6 +666,49 @@ if test $ac_cv_ip_has_ip_sum = yes ; the
AC_DEFINE(HAVE_IP_IP_SUM, 1, [Define to 1 for ip_sum member])
fi
+try_drop_priv=no
+AC_CHECK_HEADERS(grp.h sys/capability.h sys/prctl.h)
+AC_CHECK_FUNC(chroot)
+AC_CHECK_FUNC(prctl,
+ [AC_CHECK_FUNC(setgid,
+ [AC_CHECK_FUNC(setgroups,
+ [AC_CHECK_FUNC(setreuid,
+ [try_drop_priv=yes
+ AC_CHECK_LIB(cap, cap_from_text, , [try_drop_priv=no])]
+ )]
+ )]
+ )]
+)
+
+AC_ARG_WITH(user,
+ [ --with-user=USERNAME Lower root privileges by switching to user USERNAME])
+AC_MSG_CHECKING([whether to lower root privileges by default])
+if test -z "$with_user" -o "$try_drop_priv" = "no"; then
+ AC_MSG_RESULT(no)
+else
+ AC_DEFINE_UNQUOTED(NMAP_USER, "$withval", [Define user to switch during lowering privileges])
+ AC_MSG_RESULT(to \"$withval\")
+fi
+
+AC_ARG_WITH(chroot-empty,
+ [ --with-chroot-empty=DIRECTORY When lowering privileges and -n option is given, chroot to empty DIRECTORY])
+AC_MSG_CHECKING([whether to chroot when -n option is given])
+if test -z "$with_chroot_empty" -o "$try_drop_priv" = "no" -o "$ac_cv_func_chroot" = no; then
+ AC_MSG_RESULT(no)
+else
+ AC_DEFINE_UNQUOTED(NMAP_CHROOT_EMPTY, "$withval", [Define directory to chroot during lowering privileges if -n option is given])
+ AC_MSG_RESULT(to \"$withval\")
+fi
+
+AC_ARG_WITH(chroot-resolv,
+ [ --with-chroot-resolv=DIRECTORY When lowering privileges and -n option is not given, chroot to resolver DIRECTORY])
+AC_MSG_CHECKING([whether to chroot when -n option is not given])
+if test -z "$with_chroot_resolv" -o "$try_drop_priv" = "no" -o "$ac_cv_func_chroot" = no; then
+ AC_MSG_RESULT(no)
+else
+ AC_DEFINE_UNQUOTED(NMAP_CHROOT_RESOLV, "$withval", [Define directory to chroot during lowering privileges if -n option is not given])
+ AC_MSG_RESULT(to \"$withval\")
+fi
dnl Checks for library functions.
dnl AC_TYPE_SIGNAL
diff -urpN nmap-4.20-autoheader/droppriv.cc nmap-4.20/droppriv.cc
--- nmap-4.20-autoheader/droppriv.cc 1970-01-01 00:00:00 +0000
+++ nmap-4.20/droppriv.cc 2007-10-07 11:38:57 +0000
@@ -0,0 +1,93 @@
+#include "nmap.h"
+#include "droppriv.h"
+
+#ifndef NMAP_USER
+
+void drop_priv(void) {}
+
+#else
+
+#if HAVE_GRP_H
+# include <grp.h>
+#endif
+#if HAVE_SYS_CAPABILITY_H
+# include <sys/capability.h>
+#endif
+#if HAVE_SYS_PRCTL_H
+# include <sys/prctl.h>
+#endif
+
+#include "NmapOps.h"
+extern NmapOps o; /* option structure */
+
+#ifndef NMAP_CHROOT_EMPTY
+# ifdef NMAP_CHROOT_RESOLV
+# define NMAP_CHROOT_EMPTY NMAP_CHROOT_RESOLV
+# else
+# define NMAP_CHROOT_EMPTY NULL
+# endif
+#endif
+
+#ifndef NMAP_CHROOT_RESOLV
+# define NMAP_CHROOT_RESOLV NULL
+#endif
+
+const char *
+drop_priv_dir(void)
+{
+ return o.noresolve ? NMAP_CHROOT_EMPTY : NMAP_CHROOT_RESOLV;
+}
+
+void
+drop_priv(void)
+{
+ const char *user = NMAP_USER;
+ const char *dir;
+ struct passwd *pw;
+ cap_t caps;
+
+ if (geteuid())
+ return;
+
+ nmap_services_init();
+ nmap_protocols_init();
+ rpc_services_init();
+ AllProbes::service_scan_init();
+ routethrough_init();
+ mac_prefix_init();
+ if (!o.noresolve) etchosts_init();
+
+ if (setgroups(0, 0) < 0)
+ fatal("setgroups failed");
+
+ if (prctl(PR_SET_KEEPCAPS, 1))
+ fatal("prctl PR_SET_KEEPCAPS failed");
+
+ if (!(pw = getpwnam(user)))
+ fatal("lookup of user \"%s\" failed", user);
+ endpwent();
+
+ if (!pw->pw_uid)
+ fatal("user \"%s\" shouldn't be root", user);
+
+ dir = drop_priv_dir();
+ if (dir && (chroot(dir) || chdir("/")))
+ fatal("chroot to \"%s\" failed", dir);
+
+ if (setgid(pw->pw_gid) < 0)
+ fatal("setgid failed");
+
+ if (setreuid(pw->pw_uid, pw->pw_uid) < 0)
+ fatal("setreuid failed");
+
+ caps = cap_from_text("cap_net_raw=ep");
+ if (!caps)
+ fatal("cap_from_text failed");
+
+ if (cap_set_proc(caps) < 0)
+ fatal("cap_set_proc failed");
+
+ cap_free(caps);
+}
+
+#endif /* NMAP_USER */
diff -urpN nmap-4.20-autoheader/droppriv.h nmap-4.20/droppriv.h
--- nmap-4.20-autoheader/droppriv.h 1970-01-01 00:00:00 +0000
+++ nmap-4.20/droppriv.h 2007-10-07 11:39:28 +0000
@@ -0,0 +1,13 @@
+#ifndef NMAP_DROPPRIV_H__
+#define NMAP_DROPPRIV_H__
+
+extern const char *drop_priv_dir(void);
+extern void drop_priv(void);
+extern int nmap_services_init(void);
+extern int nmap_protocols_init(void);
+extern void rpc_services_init(void);
+extern void routethrough_init(void);
+extern void mac_prefix_init(void);
+extern void etchosts_init(void);
+
+#endif /* NMAP_DROPPRIV_H__ */
diff -urpN nmap-4.20-autoheader/nmap.cc nmap-4.20/nmap.cc
--- nmap-4.20-autoheader/nmap.cc 2006-10-14 06:03:54 +0000
+++ nmap-4.20/nmap.cc 2007-10-07 11:40:01 +0000
@@ -106,6 +106,7 @@
#include "scan_engine.h"
#include "idle_scan.h"
#include "timing.h"
+#include "droppriv.h"
#include "NmapOps.h"
#include "MACLookup.h"
#include "nmap_tty.h"
@@ -1098,9 +1099,10 @@ int nmap_main(int argc, char *argv[]) {
if (pre_host_timeout != -1) o.host_timeout = pre_host_timeout;
- if (o.osscan == OS_SCAN_SYS_1_ONLY)
+ if (o.osscan == OS_SCAN_SYS_1_ONLY ||
+ (o.osscan != OS_SCAN_SYS_2_ONLY && drop_priv_dir()))
o.reference_FPs1 = parse_fingerprint_reference_file("nmap-os-fingerprints");
- else if (o.osscan == OS_SCAN_DEFAULT || o.osscan == OS_SCAN_SYS_2_ONLY)
+ if (o.osscan == OS_SCAN_DEFAULT || o.osscan == OS_SCAN_SYS_2_ONLY)
o.reference_FPs = parse_fingerprint_reference_file("nmap-os-db");
o.ValidateOptions();
@@ -1217,6 +1219,8 @@ int nmap_main(int argc, char *argv[]) {
o.sendpref = PACKET_SEND_ETH_STRONG;
}
+ drop_priv();
+
if (!ports) {
if (o.ipprotscan) {
ports = getdefaultprots();
diff -urpN nmap-4.20-autoheader/nmap_dns.cc nmap-4.20/nmap_dns.cc
--- nmap-4.20-autoheader/nmap_dns.cc 2006-09-02 20:33:57 +0000
+++ nmap-4.20/nmap_dns.cc 2007-10-07 10:09:02 +0000
@@ -160,6 +160,7 @@
#include <vector>
#include "nmap.h"
+#include "droppriv.h"
#include "NmapOps.h"
#include "nmap_dns.h"
#include "nsock.h"
@@ -1016,7 +1017,7 @@ static char *lookup_etchosts(u32 ip) {
}
-static void etchosts_init(void) {
+void etchosts_init(void) {
static int initialized = 0;
if (initialized) return;
initialized = 1;
diff -urpN nmap-4.20-autoheader/nmap_rpc.cc nmap-4.20/nmap_rpc.cc
--- nmap-4.20-autoheader/nmap_rpc.cc 2006-08-25 01:47:59 +0000
+++ nmap-4.20/nmap_rpc.cc 2007-10-07 09:36:25 +0000
@@ -103,6 +103,7 @@
#include "nmap_rpc.h"
+#include "droppriv.h"
#include "NmapOps.h"
extern NmapOps o;
@@ -117,7 +118,7 @@ static unsigned long rpc_xid_base = (uns
static size_t tcp_readlen=0; /* used in get_rpc_results but can be reset in
send_rpc_query */
-static void rpc_services_init() {
+void rpc_services_init() {
static int services_initialized = 0;
if (services_initialized) return;
services_initialized = 1;
diff -urpN nmap-4.20-autoheader/protocols.cc nmap-4.20/protocols.cc
--- nmap-4.20-autoheader/protocols.cc 2006-09-05 08:39:45 +0000
+++ nmap-4.20/protocols.cc 2007-10-07 09:36:25 +0000
@@ -100,13 +100,14 @@
/* $Id: protocols.cc 3943 2006-09-05 08:39:32Z fyodor $ */
#include "protocols.h"
+#include "droppriv.h"
#include "NmapOps.h"
extern NmapOps o;
static int numipprots = 0;
static struct protocol_list *protocol_table[PROTOCOL_TABLE_SIZE];
-static int nmap_protocols_init() {
+int nmap_protocols_init() {
static int protocols_initialized = 0;
if (protocols_initialized) return 0;
diff -urpN nmap-4.20-autoheader/services.cc nmap-4.20/services.cc
--- nmap-4.20-autoheader/services.cc 2006-08-25 01:47:59 +0000
+++ nmap-4.20/services.cc 2007-10-07 09:36:25 +0000
@@ -100,6 +100,7 @@
/* $Id: services.cc 3869 2006-08-25 01:47:49Z fyodor $ */
#include "services.h"
+#include "droppriv.h"
#include "NmapOps.h"
extern NmapOps o;
@@ -107,7 +108,7 @@ static int numtcpports = 0;
static int numudpports = 0;
static struct service_list *service_table[SERVICE_TABLE_SIZE];
-static int nmap_services_init() {
+int nmap_services_init() {
static int services_initialized = 0;
if (services_initialized) return 0;
diff -urpN nmap-4.20-autoheader/tcpip.cc nmap-4.20/tcpip.cc
--- nmap-4.20-autoheader/tcpip.cc 2006-12-08 03:01:19 +0000
+++ nmap-4.20/tcpip.cc 2007-10-07 10:02:41 +0000
@@ -104,6 +104,7 @@
#endif
#include <dnet.h>
#include "tcpip.h"
+#include "droppriv.h"
#include "NmapOps.h"
#if HAVE_SYS_TIME_H
@@ -2410,6 +2411,14 @@ void set_pcap_filter(const char *device,
pcap_freecode(&fcode);
}
+static FILE *routefp;
+
+void routethrough_init(void)
+{
+ if (!routefp)
+ routefp = fopen("/proc/net/route", "r");
+}
+
/* The 'dev' passed in must be at least 32 bytes long */
int ipaddr2devname( char *dev, const struct in_addr *addr ) {
struct interface_info *mydevs;
@@ -2788,7 +2797,6 @@ struct sys_route *getsysroutes(int *howm
int route_capacity = 128;
static struct sys_route *routes = NULL;
static int numroutes = 0;
- FILE *routefp;
char buf[1024];
char iface[16];
char *p, *endptr;
@@ -2805,7 +2813,7 @@ struct sys_route *getsysroutes(int *howm
routes = (struct sys_route *) safe_zalloc(route_capacity * sizeof(struct sys_route));
ifaces = getinterfaces(&numifaces);
/* First let us try Linux-style /proc/net/route */
- routefp = fopen("/proc/net/route", "r");
+ routethrough_init();
if (routefp) {
(void) fgets(buf, sizeof(buf), routefp); /* Kill the first line (column headers) */
while(fgets(buf,sizeof(buf), routefp)) {
@@ -2888,6 +2896,8 @@ struct sys_route *getsysroutes(int *howm
routes = (struct sys_route *) realloc(routes, route_capacity * sizeof(struct sys_route));
}
}
+ fclose(routefp);
+ routefp = NULL;
} else {
struct dnet_collector_route_nfo dcrn;
dcrn.routes = routes;