Nmap Development mailing list archives
Re: Feature Request: --update
From: Felix Gröbert <felix () groebert org>
Date: Thu, 25 Jan 2007 00:58:35 +0100
Hari Sekhon (2007-01-19, 10:45):
Really nmap --update could do a lot more than just sigs, but also nmap-service-probes and other nmap-* files in /usr/share/nmap or /usr/local/share/nmap, perhaps even upgrading the whole thing in place including the nmap binary so the second run is using a fully updated nmap! (but that really is up to you if you wanted to be that nice - however that would be Awesome. )
I would vote against including a update functionality which updates the binary executeable, the nse scripts or something else which could be used for malicious code injection. Remote code execution is crown of an network security attack and man-in-the-middle'ing a `nmap --update` would enable an attacker to exchange or infect a binary. This is bad. I do not trust Firefox automatic updates for this very reason. The only exception would be the usage of a PKI to sign updates. But this yields a lot of overhead to the update implementation and a lot of work to the developers who have to manage the PKI. Firefox and a lot of other FOSS projects do not do this. Fingerprint updates are a cool thing, thought. Cheers, -- Felix Groebert <> groebert.org/felix <> GPG key: 6B44113F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: Feature Request: --update, (continued)
- Re: Feature Request: --update Kris Katterjohn (Jan 19)
- Re: Feature Request: --update Kris Katterjohn (Jan 19)
- Re: Feature Request: --update Joshua D. Abraham (Jan 19)
- Re: Feature Request: --update J.J. Green (Jan 19)
- Re: Feature Request: --update William McVey (Jan 19)
- Re: Feature Request: --update Jonathan Smith (Jan 19)
- Re: Feature Request: --update (with script attached) Kris Katterjohn (Jan 19)
- Re: Feature Request: --update (with script attached) Arturo 'Buanzo' Busleiman (Jan 19)
- Re: Feature Request: --update (with script attached) Kris Katterjohn (Jan 19)