mailing list archives
Re: Running NMAP as a non root user - patch
From: uzy () isecurelabs com
Date: Mon, 16 May 2005 12:15:37 +0200
Nmap offers several commandline parameters that allow to write to files or
to read from files. Using these flags, a user could be able to get sensitive
information from files he doesn't have the right to read.
He could also be able to overwrite essential files.
I haven't seen the patch file in the mail from Uri Gilad, can you send it
again with the file ? :)
Pablo Fernández writes:
I wonder how a chown root nmap; chmod +s nmap; installation would be a
security risk (given that nmap doesn't have a large vulnerability
records (that am I aware of)). Any comments on this?
Sent through the nmap-dev mailing list
Re: Running NMAP as a non root user - patch Fyodor (May 16)