Nmap Announce mailing list archives
Re: nmap..... via web
From: Lamont Granquist <lamontg () raven genome washington edu>
Date: Fri, 19 Feb 1999 12:13:31 -0800
On Fri, 19 Feb 1999, Fyodor wrote:
> On Thu, 18 Feb 1999, ajax wrote:
> > anyway, www.mobis.com/ajax/code/nmap/webmap.cgi is my seven minute
> > rendering of what i think it should look like, complete with sanity
> > checking of the user input variable,
>
> You mean this sanity checking?
>
>     # sanity check
>     if ($query->param('ip_address') =~ /[~`\#\$\!\%\^\&\*()\|\[\]\{\}\:\;\?]/ ) {
>         print "<H1><tt>Sorry, Try again. </H1>";
>         exit;
>     }

    # sanity check: the whole value must be one or more digits and dots
    if ($query->param('ip_address') !~ /^[0-9\.]+$/) {
        print "<H1><tt>Sorry, Try again. </H1>";
        exit;
    }

or this if you also allow DNS lookups and want to be permissive of a little
bit of whitespace:

    # sanity check: letters, digits, dots and dashes, optionally padded with whitespace
    if ($query->param('ip_address') !~ /^\s*[0-9a-zA-Z\.\-]+\s*$/) {
        print "<H1><tt>Sorry, Try again. </H1>";
        exit;
    }

allow things which you know you trust through, don't try to guess and list
all the bad things. don't try to be overly flexible (e.g. don't allow
whitespace in the middle of the address).

also you probably should hack nmap so that it runs suid root and drops privs
immediately after opening up a raw socket and a pcap file descriptor. in any
application like this you have to assume that someone will scan their own
machine which they have hacked so that it returns packets in response to nmap
queries which will overflow nmap buffers and give you root if that code is
running as root. nmap wasn't designed to be run privileged, and hasn't been
audited, you should assume that if you let nmap be run by users that don't
otherwise have root on your machine that there are exploitable holes in nmap
that will let them gain root on your machine. so, i suggest hacking nmap so
that it drops privs, and also having it drop to uid nobody running in a
chroot() environment.

since so many people seem to be trying to use nmap for these kinds of things
maybe nmap needs these patches in the development tree...

--
Lamont Granquist                          lamontg () raven genome washington edu
Dept. of Molecular Biotechnology          (206)616-5735  fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger lamontg () raven genome washington edu | pgp -fka
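The allowlist-versus-denylist point in the message above, as an added example that is not code from the thread (ajax's denylist and Lamont's allowlists are transcribed from Perl to Python so they can be run side by side; the `+` quantifier is supplied where the posted allowlists lacked it, and the sample inputs are constructed):

```python
"""Allowlist vs denylist validation of a CGI 'ip_address' parameter.

Added example for this thread: a Python transcription of the Perl checks,
not code posted by ajax, Fyodor or Lamont. Sample inputs are constructed.
"""
import re

# ajax's original denylist: reject the value if any listed shell
# metacharacter appears anywhere in it.
DENYLIST = re.compile(r"[~`#$!%^&*()|\[\]{}:;?]")

# Lamont's allowlists, with the '+' quantifier the posted versions lacked
# (without it the class matches exactly one character). fullmatch() is used
# rather than match() with '$' because '$' also matches just before a
# trailing newline, in Python as in Perl, which would let "10.0.0.1\n" through.
ALLOW_IP = re.compile(r"[0-9.]+")
ALLOW_HOST = re.compile(r"\s*[0-9a-zA-Z.\-]+\s*")


def denylist_accepts(value: str) -> bool:
    """True if ajax's check would pass the value on to nmap."""
    return DENYLIST.search(value) is None


def allowlist_accepts(value: str, allow_dns: bool = False) -> bool:
    """True if Lamont's check would pass the value on to nmap.

    allow_dns=False: numeric IPv4 only (digits and dots).
    allow_dns=True:  also hostnames, with a little leading/trailing whitespace.
    """
    pattern = ALLOW_HOST if allow_dns else ALLOW_IP
    return pattern.fullmatch(value) is not None


def compare(values, allow_dns=False):
    """Return {value: (denylist_verdict, allowlist_verdict)} for each input."""
    return {v: (denylist_accepts(v), allowlist_accepts(v, allow_dns)) for v in values}


def denylist_only(values, allow_dns=False):
    """Inputs the denylist would forward to nmap but the allowlist rejects."""
    return [v for v, (deny, allow) in compare(values, allow_dns).items()
            if deny and not allow]


# Constructed sample inputs: what a form might submit, legitimate and not.
SAMPLES = [
    "10.0.0.1",             # plain IPv4: both accept
    "scanme.example.org",   # hostname: denylist accepts; allowlist only with allow_dns
    "10.0.0.1 10.0.0.2",    # embedded whitespace: denylist accepts, allowlist rejects
    "10.0.0.1\n",           # trailing newline: denylist accepts, IP allowlist rejects
    "'10.0.0.1'",           # quotes are not in the denylist; allowlist rejects
    "10.0.0.1;",            # ';' is in the denylist: both reject
    "-v",                   # leading dash: denylist accepts, IP allowlist rejects
]

if __name__ == "__main__":
    for v, (deny, allow) in compare(SAMPLES).items():
        print(f"{v!r:24} denylist={'ok ' if deny else 'REJ'} "
              f"allowlist={'ok ' if allow else 'REJ'}")
    print("forwarded only by the denylist:", denylist_only(SAMPLES))
```

Running it shows the denylist forwarding five of the seven constructed inputs while the numeric allowlist forwards one; each input the denylist lets through is a character ajax did not think to list, which is the point of enumerating what is trusted instead of what is feared. One caveat on the permissive hostname pattern: because `-` is in its class, a value beginning with a dash (such as `-v`) passes it, and most programs read a leading dash as an option, so in practice require the first character to be alphanumeric (hostnames cannot start with a hyphen anyway) and strip surrounding whitespace before use.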