nmap requires root access. It would be useful to use file capabilities, as per wireshark, to allow nmap to be run as a normal user. Details can be found here: https://secwiki.org/w/Running_nmap_as_an_unprivileged_user

Reproducible: Always

Actual Results:
$ nmap -sU -F --privilege 192.168.12.2
Starting Nmap 6.40 ( http://nmap.org ) at 2013-11-28 13:11 GMT
socket troubles in Init: Operation not permitted (1)

Expected Results:
$ nmap -sU -F --privilege 192.168.12.2
Starting Nmap 6.40 ( http://nmap.org ) at 2013-11-28 13:14 GMT
Nmap scan report for icon (192.168.12.2)
Host is up (0.00021s latency).
PORT    STATE  SERVICE
4/udp   closed unassigned
161/udp closed snmp
Read from /usr/bin/../share/nmap: nmap-services. Read from /usr/bin/../share/nmap: nmap-payloads.
Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds
I've added the fcaps and done some basic testing and it appears to work as expected when I spell privileged correctly. Please test and confirm that this works, and if anyone could check that I did this right that would be even better.
nmap live (9999) ebuild has been updated. I will backport the changes as soon as someone else confirms that the filecaps were done correctly and I didn't just do something terrible.
So you added it to an ebuild that no one will be testing.
If your implementation is buggy we'll fix that through a new bug report.
Your implementation _was_ buggy. You were not setting proper ownership and permissions in the case where fcaps.eclass succeeded in setting the capabilities, allowing _anyone_ to send raw packets. I have reverted those changes. Reopen this bug report when you have a safe patch and don't commit anything. Looks like someone removed the LATER resolution so I'll leave the bug status in place for now.
CC'ing security as they may want to evaluate whether this needs to go through the usual GLSA mangling. During a period of about a day, both net-analyzer/nmap-9999 (not keyworded) and net-analyzer/nmap-6.47-r3 (marked ~arch) allowed any user to run nmap with capabilities cap_net_raw,cap_net_admin,cap_net_bind_service+eip, possibly resulting in a security breach. All fcaps.eclass related changes have since been reverted.
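A check for the condition described in the last two comments, added here as an example and not taken from the ebuild, fcaps.eclass or any participant's patch: it flags a binary that holds the listed network capabilities while its mode still lets any user execute it. It assumes GNU stat; the function names and return codes are made up for this example, and getcap is only called when no capability string is passed in.

```shell
#!/bin/sh
# Added example: audit a binary for "file capabilities + world-executable".
# Assumptions: GNU stat (-c %a); getcap from libcap when CAPS is not supplied.

# is_world_executable MODE -> status 0 if the "other" execute bit is set.
is_world_executable() {
    other=${1#"${1%?}"}            # last octal digit = permissions for "other"
    [ $(( other & 1 )) -eq 1 ]
}

# has_network_caps CAPS -> status 0 if CAPS names a capability from the thread.
has_network_caps() {
    case $1 in
        *cap_net_raw*|*cap_net_admin*|*cap_net_bind_service*) return 0 ;;
    esac
    return 1
}

# audit_capable_binary PATH [CAPS]
# Returns 0 when nothing needs flagging, 1 when any user can run PATH with
# the capabilities, 2 when PATH cannot be inspected.
audit_capable_binary() {
    path=$1
    [ -f "$path" ] || return 2
    mode=$(stat -c %a "$path") || return 2
    if [ $# -ge 2 ]; then
        caps=$2                              # caller-supplied capability string
    else
        caps=$(getcap "$path" 2>/dev/null)   # read the file's capabilities
    fi
    has_network_caps "$caps" || return 0     # no relevant capabilities set
    if is_world_executable "$mode"; then
        echo "UNSAFE: $path (mode $mode) runs for any user with: $caps" >&2
        return 1
    fi
    echo "ok: $path (mode $mode) is not executable by other; caps: $caps" >&2
    return 0
}
```

Run `audit_capable_binary /usr/bin/nmap` on an installed system; a result of 1 means the binary should be restricted to a dedicated group (no execute bit for other) before the capabilities are kept.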