Nmap Development mailing list archives

Re: Running NMAP as a non root user - patch

From: uzy () isecurelabs com
Date: Mon, 16 May 2005 12:15:37 +0200

Nmap offers several commandline parameters that allow to write to files or 
to read from files. Using these flags, a user could be able to get sensitive 
information from files he doesn't have the right to read. 

He could also be able to overwrite essential files. 

I haven't seen the patch file in the mail from Uri Gilad, can you send it 
again with the file ? :) 

Thanks 

Pablo Fernández writes:

I wonder how a chown root nmap; chmod +s nmap; installation would be a
security risk (given that nmap doesn't have a large vulnerability
records (that am I aware of)). Any comments on this? 

Best regards.

 



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

Current thread:

Running NMAP as a non root user - patch Uri Gilad (May 16)
- Re: Running NMAP as a non root user - patch Pablo Fernández (May 16)
  - Re: Running NMAP as a non root user - patch uzy (May 16)
  - Re: Running NMAP as a non root user - patch Richard Moore (May 16)
    - Re: Running NMAP as a non root user - patch Felix Gröbert (May 16)
    - Message not available
    - Re: Running NMAP as a non root user - patch Emmanuel Goldstein (May 16)
    - Re: Running NMAP as a non root user - patch Fyodor (May 16)
    - Re: Running NMAP as a non root user - patch Pablo Fernández (May 16)
- Re: Running NMAP as a non root user - patch Fyodor (May 16)
  - Re: Running NMAP as a non root user - patch (capabilities) Martin Mačok (May 17)
    - Re: Running NMAP as a non root user - patch (capabilities) Richard Moore (May 17)
- <Possible follow-ups>
- RE: Running NMAP as a non root user - patch Uri Gilad (May 16)