Nmap Development mailing list archives
Re: Running NMAP as a non root user - patch
From: Felix Gröbert <fg () bundesamtfuersicherheitinderinformationstechnik de>
Date: Mon, 16 May 2005 22:48:00 +0200
I wonder how a chown root nmap; chmod +s nmap; installation would be a security risk (given that nmap doesn't have a large vulnerability records (that am I aware of)). Any comments on this?I wouldn't want to bet on a system booting if you told nmap to write its log file to /etc/inittab! ;-)
A setuid nmap executeable is a bad idea. So do not chmod +s it if your friend wants to test his firewall rules from your box:
nmap --interactive
Starting nmap V. 3.75 ( http://www.insecure.org/nmap/ ) Welcome to Interactive Mode -- press h <enter> for help nmap> !id [...] A nice backdoor... --interactive isn't in the man page, maybe for a reason prost, Felix _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Running NMAP as a non root user - patch Uri Gilad (May 16)
- Re: Running NMAP as a non root user - patch Pablo Fernández (May 16)
- Re: Running NMAP as a non root user - patch uzy (May 16)
- Re: Running NMAP as a non root user - patch Richard Moore (May 16)
- Re: Running NMAP as a non root user - patch Felix Gröbert (May 16)
- Message not available
- Re: Running NMAP as a non root user - patch Emmanuel Goldstein (May 16)
- Re: Running NMAP as a non root user - patch Fyodor (May 16)
- Re: Running NMAP as a non root user - patch Pablo Fernández (May 16)
- Re: Running NMAP as a non root user - patch Pablo Fernández (May 16)
- Re: Running NMAP as a non root user - patch (capabilities) Martin Mačok (May 17)
- Re: Running NMAP as a non root user - patch (capabilities) Richard Moore (May 17)
- <Possible follow-ups>
- RE: Running NMAP as a non root user - patch Uri Gilad (May 16)