deraison at nessus
Aug 22, 2004, 5:17 AM
Post #8 of 11

On Sat, Aug 21, 2004 at 06:59:32AM -0400, George Theall wrote:
> On Sat, Aug 21, 2004 at 11:21:28AM +0200, Renaud Deraison wrote:
> > Because you don't want an untrusted script to execute arbitrary commands
> > on your local system.
> True, but how can I ensure that if nasl_no_signature_check can be
> enabled in the config? Further, this seems to go beyond the purpose of
> simply ensuring the authenticity of the scripts.

Because if you can change the configuration file, then you are root. If
you are root, you can already execute commands with super-user
privileges. There's nothing Nessus can do to lower the damages you can

Now, if you choose to set nasl_no_signature_check to yes in the config
file, then you're aiming a gun at your foot. For most users, this option
must remain untouched. For people who want to write their own plugins,
then it can be enabled.
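
The argument in this post rests on the configuration file being editable by root only. The check below is an added example, not part of the original post and not Nessus code: it reports when that premise does not hold or when nasl_no_signature_check is set to yes. The `key = value` layout with `#` comments, the function names and the finding labels are assumptions, and the file path is supplied by the caller.

```python
import os
import stat
import sys

OPTION = "nasl_no_signature_check"  # option name taken from the thread

# Constructed sample, not a real configuration file.
SAMPLE_CONF = "# constructed sample\nnasl_no_signature_check = yes  # dev box\n"


def parse_option(text, name=OPTION):
    """Return the last value assigned to `name` (lower-cased), or None."""
    value = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumed: '#' starts a comment
        if "=" not in line:
            continue
        key, val = (part.strip() for part in line.split("=", 1))
        if key == name:
            value = val.lower()
    return value


def audit(path, trusted_uid=0):
    """List reasons the file breaks the 'only root can edit it' premise."""
    findings = []
    st = os.stat(path)
    if st.st_uid != trusted_uid:
        findings.append("owner_not_trusted")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group_or_world_writable")
    with open(path, encoding="utf-8", errors="replace") as fh:
        if parse_option(fh.read()) == "yes":
            findings.append("signature_check_disabled")
    return findings


if __name__ == "__main__":
    # The operator passes the config path; no default location is assumed.
    results = audit(sys.argv[1])
    print("\n".join(results) or "ok")
    sys.exit(1 if results else 0)
```

An empty result means the file is owned by the trusted uid, is not group or world writable, and leaves signature checking on.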