Hi,
using the linux kernel capabilities (http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt), and the following patch it is possible to run nessusd as a non-root user - granting it
only raw network capabilities.
The patch is against nessus-core 2.2.3
Share and enjoy !
Uri Gilad
ugila d at forescout do t com
8<===== CUT HERE ======================================================================
--- nessus-core/nessusd/nessusd.c~ 2005-03-29 13:54:40.253146722 +0200
+++ nessus-core/nessusd/nessusd.c 2005-03-29 14:02:59.984456781 +0200
@@ -1265,14 +1265,6 @@
exit (0); /* DBUG DEBUG DEBUG */
#endif
-
-#ifndef _CYGWIN_
- if(getuid())
- {
- fprintf(stderr, "Only root should start nessusd.\n");
- exit(0);
- }
-#endif
if(exit_early == 0)
bpf_server_pid = bpf_server();
======= END HERE ====================================================================>8
using the linux kernel capabilities (http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.4/capfaq-0.2.txt), and the following patch it is possible to run nessusd as a non-root user - granting it
only raw network capabilities.
The patch is against nessus-core 2.2.3
Share and enjoy !
Uri Gilad
ugila d at forescout do t com
8<===== CUT HERE ======================================================================
--- nessus-core/nessusd/nessusd.c~ 2005-03-29 13:54:40.253146722 +0200
+++ nessus-core/nessusd/nessusd.c 2005-03-29 14:02:59.984456781 +0200
@@ -1265,14 +1265,6 @@
exit (0); /* DBUG DEBUG DEBUG */
#endif
-
-#ifndef _CYGWIN_
- if(getuid())
- {
- fprintf(stderr, "Only root should start nessusd.\n");
- exit(0);
- }
-#endif
if(exit_early == 0)
bpf_server_pid = bpf_server();
======= END HERE ====================================================================>8