Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

nmap-dev logo Nmap Development mailing list archives

Re: Draft for hosted cgi
From: Arturo 'Buanzo' Busleiman <buanzo () buanzo com ar>
Date: Wed, 24 May 2006 07:37:00 -0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Julien Delange wrote:

- The separation between daemon and cgi is very important, because run nmap
through Apache is a __very__ bad idea (it means you have nmap suid or you
have to run apache as root, ...)


Three more options:

1) use sudo (which, of course, is like running nmap as root)
2) use scan types that no rely on root privileges
3) use linux capabilities, to grant an unprivileged user the required raw sockets capabilities.

- --
Arturo "Buanzo" Busleiman - VPN Mail Project - http://vpnmail.buanzo.com.ar
Consultor en Seguridad Informatica - http://www.buanzo.com.ar
My Linux and Security Blog at http://linux-consulting.buanzo.com.ar/

Romper un sistema de seguridad los acerca tanto a ser hackers como
encender autos puenteando los convierte en ingenieros automotrices.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEdDdMAlpOsGhXcE0RAvXNAJ4tIuE+u/Beyo2qo5j6ICZMvNXBlgCffNv+
smIMa7dyU3TvpyTAyxfb/BQ=
=BMnM
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]