On Thu, Jul 08, 2004 at 11:35:56AM -0700, Norbert Kiesel wrote:
> > My concern at this time is to minimize the number of times we log
> > into the remote host - you don't want a Nessus scan to
> > generate 300 login/logout entries in utmp/wtmp.
>
> Another thing to keep in mind is that this whole ssh approach is a
> double-edged sword: very powerful but potentially also very dangerous.
> AFAIK nasl itself does not, e.g., allow starting random processes or
> directly accessing the file system, so upgrading to the latest and greatest
> plugins without a thorough code review was something I did regularly for
> my internal checks. Of course I was sometimes bitten by some typos in
> plugins which made them fail, but I never had a serious security
> concern. Shell access somehow changes that picture.
>
> Any thoughts?

Yes - Michel has been starting a category of scripts called
"trusted-scripts", and ssh_get_info.nasl might just move there at some
point.
-- Renaud
_______________________________________________
Nessus mailing list
http://mail.nessus.org/mailman/listinfo/nessus