Nmap Development mailing list archives

Re: Adding "dangerous" checks?


From: Fyodor <fyodor () insecure org>
Date: Mon, 3 Nov 2008 15:50:34 -0800

On Mon, Nov 03, 2008 at 05:50:17PM -0600, Ron wrote:
> Michael Pattrick wrote:
>
> You're right, it's reasonable in that sense. On the other hand, if
> somebody is going to run something that has a reasonable (>10%? >5%?)
> chance of crashing a system hard, there should be a little more warning.
> For example, dangerous checks won't run unless they specify a special
> parameter enabling them (--scripts-args=unsafe=true). Or do you guys
> think doing that's redundant with the safe/intrusive categories?
>
> Legally, I'm not really worried. People can use whatever I write for
> good or for bad, that's their call. I'm more worried about people
> accidentally breaking stuff.

I think it sounds like a great script and I hope you write it!  But I
completely agree that it may even be too dangerous for the vuln
category if it really has a 10% chance of a target system which has
MSRPC ports open.

If there is a way to prevent the crash, that would obviously be ideal.
But otherwise, I think it would still be useful even if it was only in
"intrusive" category and not vuln.  Because people could then choose
to run it manually if they want to.  I do worry that someone would run
"--script vuln" without realizing what they were getting into if this
was in that category.  A DOS category might be reasonable for it too.
And of course the NSEdoc description would have a very clear warning.

It would be great to have an ms08-067 vulnerability check and/or
exploit in NSE.  That is a very serious vulnerability and a good way
to show off NSE!  And maybe someone will be able to figure out what
causes the crash and make the script safer.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

