Mea culpa! I knew I did it :-( If some user may access the Nessus server machine, he can create a whisker command, e.g. in his home directory, then execute it by setting the "directory" to the right value. I fixed this, whisker has now to be in $PATH. Shoulnd't we able to configure some plugins into an "insecure" mode for people who run nessusd and nessus on the same machine where they have the root password?
This archive was generated by hypermail 2b30 : Mon Feb 11 2002 - 23:40:11 PST