ubuntu20 masscan: Operation not permitted

gujiwork commented 1 year ago

root@b8c4fay34aei4ep:/data/apps/masscan-1.3.1/bin# cat /etc/issue
Ubuntu 20.04.6 LTS \n \l

root@b8c4fay34aei4ep:/data/apps/masscan-1.3.1/bin# uname -r
5.4.0-113-generic

root@b8c4fay34aei4ep:/data/apps/masscan-1.3.1# make 
fatal: not a git repository (or any of the parent directories): .git
clang -g -ggdb    -Wall -O2 -c src/crypto-base64.c -o tmp/crypto-base64.o
clang -g -ggdb    -Wall -O2 -c src/crypto-blackrock2.c -o tmp/crypto-blackrock2.o
clang -g -ggdb    -Wall -O2 -c src/event-timeout.c -o tmp/event-timeout.o
clang -g -ggdb    -Wall -O2 -c src/in-binary.c -o tmp/in-binary.o
clang -g -ggdb    -Wall -O2 -c src/in-filter.c -o tmp/in-filter.o
clang -g -ggdb    -Wall -O2 -c src/in-report.c -o tmp/in-report.o
clang -g -ggdb    -Wall -O2 -c src/logger.c -o tmp/logger.o
clang -g -ggdb    -Wall -O2 -c src/main-conf.c -o tmp/main-conf.o -DGIT=\""unknown"\"
clang -g -ggdb    -Wall -O2 -c src/main-dedup.c -o tmp/main-dedup.o
clang -g -ggdb    -Wall -O2 -c src/main-initadapter.c -o tmp/main-initadapter.o
clang -g -ggdb    -Wall -O2 -c src/main-listscan.c -o tmp/main-listscan.o
clang -g -ggdb    -Wall -O2 -c src/main-ptrace.c -o tmp/main-ptrace.o
clang -g -ggdb    -Wall -O2 -c src/main-readrange.c -o tmp/main-readrange.o
clang -g -ggdb    -Wall -O2 -c src/main-status.c -o tmp/main-status.o
clang -g -ggdb    -Wall -O2 -c src/main-throttle.c -o tmp/main-throttle.o
clang -g -ggdb    -Wall -O2 -c src/main.c -o tmp/main.o
clang -g -ggdb    -Wall -O2 -c src/masscan-app.c -o tmp/masscan-app.o
clang -g -ggdb    -Wall -O2 -c src/massip-addr.c -o tmp/massip-addr.o
clang -g -ggdb    -Wall -O2 -c src/massip-parse.c -o tmp/massip-parse.o
clang -g -ggdb    -Wall -O2 -c src/massip-rangesv4.c -o tmp/massip-rangesv4.o
clang -g -ggdb    -Wall -O2 -c src/massip-rangesv6.c -o tmp/massip-rangesv6.o
clang -g -ggdb    -Wall -O2 -c src/massip.c -o tmp/massip.o
clang -g -ggdb    -Wall -O2 -c src/misc-rstfilter.c -o tmp/misc-rstfilter.o
clang -g -ggdb    -Wall -O2 -c src/out-binary.c -o tmp/out-binary.o
clang -g -ggdb    -Wall -O2 -c src/out-certs.c -o tmp/out-certs.o
clang -g -ggdb    -Wall -O2 -c src/out-grepable.c -o tmp/out-grepable.o
clang -g -ggdb    -Wall -O2 -c src/out-hostonly.c -o tmp/out-hostonly.o
clang -g -ggdb    -Wall -O2 -c src/out-json.c -o tmp/out-json.o
clang -g -ggdb    -Wall -O2 -c src/out-ndjson.c -o tmp/out-ndjson.o
clang -g -ggdb    -Wall -O2 -c src/out-null.c -o tmp/out-null.o
clang -g -ggdb    -Wall -O2 -c src/out-redis.c -o tmp/out-redis.o
clang -g -ggdb    -Wall -O2 -c src/out-tcp-services.c -o tmp/out-tcp-services.o
clang -g -ggdb    -Wall -O2 -c src/out-text.c -o tmp/out-text.o
clang -g -ggdb    -Wall -O2 -c src/out-unicornscan.c -o tmp/out-unicornscan.o
clang -g -ggdb    -Wall -O2 -c src/out-xml.c -o tmp/out-xml.o
clang -g -ggdb    -Wall -O2 -c src/output.c -o tmp/output.o
clang -g -ggdb    -Wall -O2 -c src/pixie-backtrace.c -o tmp/pixie-backtrace.o
clang -g -ggdb    -Wall -O2 -c src/pixie-file.c -o tmp/pixie-file.o
clang -g -ggdb    -Wall -O2 -c src/pixie-threads.c -o tmp/pixie-threads.o
clang -g -ggdb    -Wall -O2 -c src/pixie-timer.c -o tmp/pixie-timer.o
clang -g -ggdb    -Wall -O2 -c src/proto-arp.c -o tmp/proto-arp.o
clang -g -ggdb    -Wall -O2 -c src/proto-banner1.c -o tmp/proto-banner1.o
clang -g -ggdb    -Wall -O2 -c src/proto-banout.c -o tmp/proto-banout.o
clang -g -ggdb    -Wall -O2 -c src/proto-coap.c -o tmp/proto-coap.o
clang -g -ggdb    -Wall -O2 -c src/proto-dns.c -o tmp/proto-dns.o
clang -g -ggdb    -Wall -O2 -c src/proto-ftp.c -o tmp/proto-ftp.o
clang -g -ggdb    -Wall -O2 -c src/proto-http.c -o tmp/proto-http.o
clang -g -ggdb    -Wall -O2 -c src/proto-icmp.c -o tmp/proto-icmp.o
clang -g -ggdb    -Wall -O2 -c src/proto-imap4.c -o tmp/proto-imap4.o
clang -g -ggdb    -Wall -O2 -c src/proto-interactive.c -o tmp/proto-interactive.o
clang -g -ggdb    -Wall -O2 -c src/proto-memcached.c -o tmp/proto-memcached.o
clang -g -ggdb    -Wall -O2 -c src/proto-netbios.c -o tmp/proto-netbios.o
clang -g -ggdb    -Wall -O2 -c src/proto-ntlmssp.c -o tmp/proto-ntlmssp.o
clang -g -ggdb    -Wall -O2 -c src/proto-ntp.c -o tmp/proto-ntp.o
clang -g -ggdb    -Wall -O2 -c src/proto-oproto.c -o tmp/proto-oproto.o
clang -g -ggdb    -Wall -O2 -c src/proto-pop3.c -o tmp/proto-pop3.o
clang -g -ggdb    -Wall -O2 -c src/proto-preprocess.c -o tmp/proto-preprocess.o
clang -g -ggdb    -Wall -O2 -c src/proto-sctp.c -o tmp/proto-sctp.o
clang -g -ggdb    -Wall -O2 -c src/proto-smb.c -o tmp/proto-smb.o
clang -g -ggdb    -Wall -O2 -c src/proto-smtp.c -o tmp/proto-smtp.o
clang -g -ggdb    -Wall -O2 -c src/proto-snmp.c -o tmp/proto-snmp.o
clang -g -ggdb    -Wall -O2 -c src/proto-ssh.c -o tmp/proto-ssh.o
clang -g -ggdb    -Wall -O2 -c src/proto-ssl-test.c -o tmp/proto-ssl-test.o
clang -g -ggdb    -Wall -O2 -c src/proto-ssl.c -o tmp/proto-ssl.o
clang -g -ggdb    -Wall -O2 -c src/proto-tcp-rdp.c -o tmp/proto-tcp-rdp.o
clang -g -ggdb    -Wall -O2 -c src/proto-tcp-telnet.c -o tmp/proto-tcp-telnet.o
clang -g -ggdb    -Wall -O2 -c src/proto-tcp.c -o tmp/proto-tcp.o
clang -g -ggdb    -Wall -O2 -c src/proto-udp.c -o tmp/proto-udp.o
clang -g -ggdb    -Wall -O2 -c src/proto-vnc.c -o tmp/proto-vnc.o
clang -g -ggdb    -Wall -O2 -c src/proto-x509.c -o tmp/proto-x509.o
clang -g -ggdb    -Wall -O2 -c src/proto-zeroaccess.c -o tmp/proto-zeroaccess.o
clang -g -ggdb    -Wall -O2 -c src/rand-blackrock.c -o tmp/rand-blackrock.o
clang -g -ggdb    -Wall -O2 -c src/rand-lcg.c -o tmp/rand-lcg.o
clang -g -ggdb    -Wall -O2 -c src/rand-primegen.c -o tmp/rand-primegen.o
clang -g -ggdb    -Wall -O2 -c src/rawsock-getif.c -o tmp/rawsock-getif.o
clang -g -ggdb    -Wall -O2 -c src/rawsock-getip.c -o tmp/rawsock-getip.o
clang -g -ggdb    -Wall -O2 -c src/rawsock-getip6.c -o tmp/rawsock-getip6.o
clang -g -ggdb    -Wall -O2 -c src/rawsock-getmac.c -o tmp/rawsock-getmac.o
clang -g -ggdb    -Wall -O2 -c src/rawsock-getroute.c -o tmp/rawsock-getroute.o
clang -g -ggdb    -Wall -O2 -c src/rawsock-pcapfile.c -o tmp/rawsock-pcapfile.o
clang -g -ggdb    -Wall -O2 -c src/rawsock.c -o tmp/rawsock.o
clang -g -ggdb    -Wall -O2 -c src/read-service-probes.c -o tmp/read-service-probes.o
clang -g -ggdb    -Wall -O2 -c src/rte-ring.c -o tmp/rte-ring.o
clang -g -ggdb    -Wall -O2 -c src/scripting-banner.c -o tmp/scripting-banner.o
clang -g -ggdb    -Wall -O2 -c src/scripting-masscan.c -o tmp/scripting-masscan.o
clang -g -ggdb    -Wall -O2 -c src/scripting.c -o tmp/scripting.o
clang -g -ggdb    -Wall -O2 -c src/siphash24.c -o tmp/siphash24.o
clang -g -ggdb    -Wall -O2 -c src/smack1.c -o tmp/smack1.o
clang -g -ggdb    -Wall -O2 -c src/smackqueue.c -o tmp/smackqueue.o
clang -g -ggdb    -Wall -O2 -c src/stack-arpv4.c -o tmp/stack-arpv4.o
clang -g -ggdb    -Wall -O2 -c src/stack-if.c -o tmp/stack-if.o
clang -g -ggdb    -Wall -O2 -c src/stack-ndpv6.c -o tmp/stack-ndpv6.o
clang -g -ggdb    -Wall -O2 -c src/stack-queue.c -o tmp/stack-queue.o
clang -g -ggdb    -Wall -O2 -c src/stack-src.c -o tmp/stack-src.o
clang -g -ggdb    -Wall -O2 -c src/string_s.c -o tmp/string_s.o
clang -g -ggdb    -Wall -O2 -c src/stub-lua.c -o tmp/stub-lua.o
clang -g -ggdb    -Wall -O2 -c src/stub-pcap.c -o tmp/stub-pcap.o
clang -g -ggdb    -Wall -O2 -c src/stub-pfring.c -o tmp/stub-pfring.o
clang -g -ggdb    -Wall -O2 -c src/syn-cookie.c -o tmp/syn-cookie.o
clang -g -ggdb    -Wall -O2 -c src/templ-payloads.c -o tmp/templ-payloads.o
clang -g -ggdb    -Wall -O2 -c src/templ-pkt.c -o tmp/templ-pkt.o
clang -g -ggdb    -Wall -O2 -c src/util-checksum.c -o tmp/util-checksum.o
clang -g -ggdb    -Wall -O2 -c src/util-malloc.c -o tmp/util-malloc.o
clang -g -ggdb    -Wall -O2 -c src/versioning.c -o tmp/versioning.o
clang -g -ggdb    -Wall -O2 -c src/vulncheck-heartbleed.c -o tmp/vulncheck-heartbleed.o
clang -g -ggdb    -Wall -O2 -c src/vulncheck-ntp-monlist.c -o tmp/vulncheck-ntp-monlist.o
clang -g -ggdb    -Wall -O2 -c src/vulncheck-sslv3.c -o tmp/vulncheck-sslv3.o
clang -g -ggdb    -Wall -O2 -c src/vulncheck.c -o tmp/vulncheck.o
clang -g -ggdb    -Wall -O2 -c src/xring.c -o tmp/xring.o
clang -g -ggdb    -Wall -O2 -o bin/masscan tmp/crypto-base64.o tmp/crypto-blackrock2.o tmp/event-timeout.o tmp/in-binary.o tmp/in-filter.o tmp/in-report.o tmp/logger.o tmp/main-conf.o tmp/main-dedup.o tmp/main-initadapter.o tmp/main-listscan.o tmp/main-ptrace.o tmp/main-readrange.o tmp/main-status.o tmp/main-throttle.o tmp/main.o tmp/masscan-app.o tmp/massip-addr.o tmp/massip-parse.o tmp/massip-rangesv4.o tmp/massip-rangesv6.o tmp/massip.o tmp/misc-rstfilter.o tmp/out-binary.o tmp/out-certs.o tmp/out-grepable.o tmp/out-hostonly.o tmp/out-json.o tmp/out-ndjson.o tmp/out-null.o tmp/out-redis.o tmp/out-tcp-services.o tmp/out-text.o tmp/out-unicornscan.o tmp/out-xml.o tmp/output.o tmp/pixie-backtrace.o tmp/pixie-file.o tmp/pixie-threads.o tmp/pixie-timer.o tmp/proto-arp.o tmp/proto-banner1.o tmp/proto-banout.o tmp/proto-coap.o tmp/proto-dns.o tmp/proto-ftp.o tmp/proto-http.o tmp/proto-icmp.o tmp/proto-imap4.o tmp/proto-interactive.o tmp/proto-memcached.o tmp/proto-netbios.o tmp/proto-ntlmssp.o tmp/proto-ntp.o tmp/proto-oproto.o tmp/proto-pop3.o tmp/proto-preprocess.o tmp/proto-sctp.o tmp/proto-smb.o tmp/proto-smtp.o tmp/proto-snmp.o tmp/proto-ssh.o tmp/proto-ssl-test.o tmp/proto-ssl.o tmp/proto-tcp-rdp.o tmp/proto-tcp-telnet.o tmp/proto-tcp.o tmp/proto-udp.o tmp/proto-vnc.o tmp/proto-x509.o tmp/proto-zeroaccess.o tmp/rand-blackrock.o tmp/rand-lcg.o tmp/rand-primegen.o tmp/rawsock-getif.o tmp/rawsock-getip.o tmp/rawsock-getip6.o tmp/rawsock-getmac.o tmp/rawsock-getroute.o tmp/rawsock-pcapfile.o tmp/rawsock.o tmp/read-service-probes.o tmp/rte-ring.o tmp/scripting-banner.o tmp/scripting-masscan.o tmp/scripting.o tmp/siphash24.o tmp/smack1.o tmp/smackqueue.o tmp/stack-arpv4.o tmp/stack-if.o tmp/stack-ndpv6.o tmp/stack-queue.o tmp/stack-src.o tmp/string_s.o tmp/stub-lua.o tmp/stub-pcap.o tmp/stub-pfring.o tmp/syn-cookie.o tmp/templ-payloads.o tmp/templ-pkt.o tmp/util-checksum.o tmp/util-malloc.o tmp/versioning.o tmp/vulncheck-heartbleed.o tmp/vulncheck-ntp-monlist.o tmp/vulncheck-sslv3.o tmp/vulncheck.o tmp/xring.o   -lm -lrt -ldl -lpthread
root@b8c4fay34aei4ep:/data/apps/masscan-1.3.1# echo $?
0
root@b8c4fay34aei4ep:/data/apps/masscan-1.3.1# cd bin/
root@b8c4fay34aei4ep:/data/apps/masscan-1.3.1/bin# ll
total 1572
drwxrwxr-x  2 root root    4096 6月  29 11:03 ./
drwxrwxr-x 10 root root    4096 1月  26  2021 ../
-rw-rw-r--  1 root root      16 1月  26  2021 .gitignore
-rwxr-xr-x  1 root root 1594000 6月  29 11:03 masscan*
root@b8c4fay34aei4ep:/data/apps/masscan-1.3.1/bin# ./masscan 
-bash: ./masscan: Operation not permitted

gujiwork commented 1 year ago

root@b8c4fay34aei4ep:/data/apps/masscan-1.3.1/bin# apt reinstall masscan
Reading package lists... Done
Building dependency tree       
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 41 not upgraded.
Need to get 181 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://mirrors.cloud.aliyuncs.com/ubuntu focal/universe amd64 masscan amd64 2:1.0.5+ds1-3 [181 kB]
Fetched 181 kB in 0s (1,632 kB/s)
(Reading database ... 219565 files and directories currently installed.)
Preparing to unpack .../masscan_2%3a1.0.5+ds1-3_amd64.deb ...
Unpacking masscan (2:1.0.5+ds1-3) over (2:1.0.5+ds1-3) ...
Setting up masscan (2:1.0.5+ds1-3) ...
Processing triggers for man-db (2.9.1-1) ...
root@b8c4fay34aei4ep:/data/apps/masscan-1.3.1/bin# masscan 
-bash: /usr/bin/masscan: Operation not permitted

mzpqnxow commented 11 months ago

You can prepend “strace” to see what exactly is returning EPERM

Eattttt commented 11 months ago

same

mzpqnxow commented 8 months ago

same

I'm pretty sure this is an environment issue. The error is coming from bash, which suggests to me execve() is failing

Are you in a container with some weird restrictions, or a hardened kernel (thinking of trusted path execution specifically)

... or in a directory that's under a noexec mount? I could imagine some hosting images or docker containers having /home mounted with -o noexec (or -o user, see explanation below..)

Try this, in the same directory:

$ cat > a.c << "EOF"
int main(){}
EOF
$ clang a.c -o a
$ ./a

Does that minimal ELF run or give you the same error?

You can check for the presence of user/noexec mounts using:

$ findmnt -O noexec
$ findmnt -O user

Or find info on the mount for that directory:

$ cd /path/to/masscan/src
$ findmnt $PWD

You can fix the mount options using something like:

$ sudo mount -o remount,nouser,exec $MP

... where $MP is the mount point

Or, you could install it

At that point it ought to run, by virtue of the fact that it will be in a "system" directory where execution must be enabled

If it doesn't, then all I can think if is you're using the wrong toolchain to compile (e.g. using a 32-bit toolchain on a 64-bit platform without userland or kernel support for running 32-bit executables)

See also https://linux.die.net/man/8/mount, for explanation of "noexec". Also, it appears that the "user" mount option will also have this effect as it implies "noexec"

tl; dr; Not a masscan issue; I suspect (based on limited info available) that if you remount your mount point with -oremount,exec,nouser it will work. Or, ya know, just sudo make install and it should work

mzpqnxow commented 7 months ago

@Eattttt @gujiwork did you figure out your issue(s)? I'm curious what the resolution was

gujiwork commented 7 months ago

@Eattttt @gujiwork did you figure out your issue(s)? I'm curious what the resolution was

I changed to ubuntu22 and the problem was solved

robertdavidgraham / masscan

ubuntu20 masscan: Operation not permitted #723