Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Running NMAP as a non root user - patch
From: uzy () isecurelabs com
Date: Mon, 16 May 2005 12:15:37 +0200

Nmap offers several commandline parameters that allow to write to files or 
to read from files. Using these flags, a user could be able to get sensitive 
information from files he doesn't have the right to read. 

He could also be able to overwrite essential files. 

I haven't seen the patch file in the mail from Uri Gilad, can you send it 
again with the file ? :) 

Thanks 

Pablo Fernández writes: 

I wonder how a chown root nmap; chmod +s nmap; installation would be a
security risk (given that nmap doesn't have a large vulnerability
records (that am I aware of)). Any comments on this? 

Best regards. 

 



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]