Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: Re: Running NMAP as a non root user - patch

Re: Running NMAP as a non root user - patch

From: Felix Gröbert <fg_at_bundesamtfuersicherheitinderinformationstechnik.de>
Date: Mon, 16 May 2005 22:48:00 +0200

>> I wonder how a chown root nmap; chmod +s nmap; installation would be a
>> security risk (given that nmap doesn't have a large vulnerability
>> records (that am I aware of)). Any comments on this?
>
> I wouldn't want to bet on a system booting if you told nmap
> to write its log file to /etc/inittab! ;-)

A setuid nmap executeable is a bad idea. So do not chmod +s it if your
friend wants to test his firewall rules from your box:

> nmap --interactive
Starting nmap V. 3.75 ( http://www.insecure.org/nmap/ )
Welcome to Interactive Mode -- press h <enter> for help
nmap> !id
[...]

A nice backdoor... --interactive isn't in the man page, maybe for a
reason

    prost, Felix

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on May 16 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos