Fixing MacOS bug on permissions

Saluki · Saluki · commit 7b7d02526f52 · 2025-11-18T12:32:20.000+01:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -2,7 +2,7 @@
 name = "arp-scan"
 description = "A minimalistic ARP scan tool"
 license = "AGPL-3.0-or-later"
-version = "0.15.0"
+version = "0.15.1"
 authors = ["Saluki"]
 edition = "2024"
 readme = "README.md"
@@ -16,12 +16,14 @@ rust-version = "1.90"
 [dependencies]
 
 # CLI & utilities
-caps = "0.5.6"
 clap = { version = "4.5", default-features = false, features = ["std", "suggestions", "color", "help"] }
 ansi_term = "0.12"
 rand = "0.9"
 ctrlc = "3.5"
 
+[target.'cfg(target_os = "linux")'.dependencies]
+caps = "0.5.6"
+
 # Network
 pnet = "0.35"
 pnet_datalink = "0.35"
diff --git a/README.md b/README.md
@@ -64,7 +64,7 @@ ARP scan finished, 5 hosts found in 1.623 seconds
 Download the `arp-scan` binary for Linux (Ubuntu, Fedora, Debian, ...). See the [releases page](https://github.com/Saluki/arp-scan-rs/releases) for other binaries.
 
 ```bash
-wget -O arp-scan https://github.com/Saluki/arp-scan-rs/releases/download/v0.15.0/arp-scan-v0.15.0-x86_64-unknown-linux-musl && chmod +x ./arp-scan
+wget -O arp-scan https://github.com/Saluki/arp-scan-rs/releases/download/v0.15.1/arp-scan-v0.15.1-x86_64-unknown-linux-musl && chmod +x ./arp-scan
 ```
 
 Optionnaly, fetch the IEEE OUI reference file (CSV format) that contains all MAC address vendors.
diff --git a/src/main.rs b/src/main.rs
@@ -44,7 +44,7 @@ fn main() {
         process::exit(0);
     }
 
-    if !cfg!(windows) && !utils::has_network_capability() {
+    if !utils::has_network_capability() {
         eprintln!(
             "Should run this binary as root, an user with CAP_NET_RAW capabilities or use --help for options"
         );
diff --git a/src/utils.rs b/src/utils.rs
@@ -2,6 +2,7 @@ use std::process;
 use std::sync::Arc;
 
 use ansi_term::Color::{Green, Red};
+#[cfg(target_os = "linux")]
 use caps::{CapSet, Capability, has_cap};
 use ipnetwork::{IpNetwork, NetworkSize};
 use pnet_datalink::NetworkInterface;
@@ -17,9 +18,24 @@ use crate::network::{ResponseSummary, TargetDetails};
  * root - you just need CAP_NET_RAW capability to perform scans. This was before
  * implemented as a minimalistic check to see if the "USER" env was set to root,
  * but failed to work in containerized environments.
+ *
+ * On Linux, this checks for CAP_NET_RAW capability. On other Unix-like systems
+ * (macOS, BSD, etc.), the capability check is not applicable - permissions must
+ * be granted at runtime (e.g., via sudo).
  */
 pub fn has_network_capability() -> bool {
-    has_cap(None, CapSet::Effective, Capability::CAP_NET_RAW).unwrap_or(false)
+    #[cfg(target_os = "linux")]
+    {
+        has_cap(None, CapSet::Effective, Capability::CAP_NET_RAW).unwrap_or(false)
+    }
+    #[cfg(not(target_os = "linux"))]
+    {
+        // On non-Linux systems (macOS, BSD, etc.), we can't check capabilities
+        // at compile time. The user needs to run with appropriate privileges.
+        // Return true here and let the actual network operations fail if
+        // permissions are insufficient.
+        true
+    }
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ fn main() {`
`44`	`44`	`process::exit(0);`
`45`	`45`	`}`
`46`	`46`
`47`		`- if !cfg!(windows) && !utils::has_network_capability() {`
	`47`	`+ if !utils::has_network_capability() {`
`48`	`48`	`eprintln!(`
`49`	`49`	`"Should run this binary as root, an user with CAP_NET_RAW capabilities or use --help for options"`
`50`	`50`	`);`