Re: Adding "dangerous" checks?

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/03/2008 05:50 PM, Ron wrote:
> Michael Pattrick wrote:
> > I cant comment on the legallity, but from [0]:
> > > intrusive
> > >     These are scripts that cannot be classified in the safe category because the risks
> > > are too high that they will crash the target system, use up significant resources on
> > > the target host (such as bandwidth or CPU time), or otherwise be perceived as
> > > malicious by the target's system administrators.
> > ...
> > > vuln
> > >     These scripts check for specific known vulnerabilities and generally only report
> > > results if they are found.
> > Since these categories pretty much state that they will cause damage
> > to the target, I think it is ok to create a script that crashes a host
> > as long as it is labeled properly.
> You're right, it's reasonable in that sense. On the other hand, if
> somebody is going to run something that has a reasonable (>10%? >5%?)
> chance of crashing a system hard, there should be a little more warning.
> For example, dangerous checks won't run unless they specify a special
> parameter enabling them (--scripts-args=unsafe=true). Or do you guys
> think doing that's redundant with the safe/intrusive categories?

We had a good-sized discussion[1] earlier this year regarding script
categories and which were to be placed where.  I feel an important reason the
Safe and Intrusive categories exist is for situations just like this.

I suppose in some instances it's best to guard people from themselves, but I
think the category name "intrusive" is clear enough to convey the importance
of watching what you're doing.

> Ron

Thanks,
Kris Katterjohn

[1] http://seclists.org/nmap-dev/2008/q2/index.html#680

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSQ+Qq/9K37xXYl36AQKCTg//UJrVuyWLc0LyAdoreBLKHBMNQb1O8iN/
49DgyV1VwxnA2YbVjVnQl7jku4uyU3DXuzl8IJ/7ggNFyRc3LQu7U+2shsvumRoO
x3/uF58d1yXtepEnvfZkAYh7Qwb1vdPHW+Iv99uWdFO0zdfyU43v4HGuxIykTbm/
ZTvg1JUyGMZd3Fz63h2tpdA67ztWp+/8ZuSi7S9fFKOcdxD7WamW54JAi3sRLffz
VZXRPVvWQPFfPcknkjAOlbpwBzdCI54gukGGqsbXKIh7o+/nCkK3Y5g02XzObUBU
NUhGrCxR954qUIQRcxB+839r8QMiHp8OROsM5DWhC+DKHRC2+DAdCWODlDQRtytR
P2Npqv0z/n/KU341gmP0z+6HXfeqOsEwskfn8Yv/Det1BZQ2bsF9druksuttqETW
S1vSWvGaR36Eik9u3Y+sNrSvYtw8q9Mn1MIVj1BtOguOIRvzhn4SpCdGATxSH61d
QxUhrLDfXTlN8XlztpqQ5xb4gimlRKwsf8+vFrioxNa1vw16nspEe3eLOlfaHAu0
a2xphYOefxgJjNTzUNbNa3zJKydeP1NV4jXJXL78NzX3McbzPtxydo2hBAlT3X5v
fj2WROe4HBi6iL/4ORQ6RrznviFtz0kUnknAoBBsdJ8cdCqE+0WUotOTJ4IbYf2p
Fo1Uxxhc+ZA=
=nIna
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org