whisker plugin is insecure

From: Michel Arboi (arboiat_private)
Date: Mon Feb 11 2002 - 23:39:58 PST

Next message: Michel Arboi: "whisker plugin is insecure"

Previous message: Noam Rathaus: "Re: sendmail_expn Patch"
Next in thread: Michel Arboi: "whisker plugin is insecure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mea culpa! I knew I did it :-(
If some user may access the Nessus server machine, he can create a
whisker command, e.g. in his home directory, then execute it by
setting the "directory" to the right value.

I fixed this, whisker has now to be in $PATH.
Shoulnd't we able to configure some plugins into an "insecure" mode
for people who run nessusd and nessus on the same machine where they
have the root password?

Next message: Michel Arboi: "whisker plugin is insecure"
Previous message: Noam Rathaus: "Re: sendmail_expn Patch"
Next in thread: Michel Arboi: "whisker plugin is insecure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Feb 11 2002 - 23:40:09 PST