[...] > For the record, I'm not entirely convinced that > including nmap was a > good idea either, but at least its probes are > non-destructive in nature. [...]
At one time (still on unpatched/legacy systems), nmap could mess up inetd, requiring manual intervention; although it's not _intended_ as an exploit, that effectively resulted in a denial of service beyond mere packet flooding. However (and IANAL of course), the _intent_ would concern me, although of course the intent of the functionality doesn't preclude constructive vs destructive uses of that functionality by an individual. As a user and system administrator, I would not necessarily want this available by default, without using either separate media or a separate repository to get it. And given signed executables, I'd want it signed with a signature distinct from less controversial items, so that I could only allow more mainstream signed executables to be executed (that being perhaps the best way to lock down against software that may or may not be malware). -- This message posted from opensolaris.org
