On Thu, Aug 19, 2004 at 02:11:40PM +0200, Michel Arboi wrote:
> On Thu Aug 19 2004 at 11:53, Marc Haber wrote:
> > The rationale behind using the Debian packages of the plugins is that
> > there are two more eyes looking over the plugins
>
> And they certify _every_ new plugin?

Since I am not the maintainer for Debian's nessus packages, I cannot comment on that. Generally, the maintainer is expected to look over the diffs when a new software version comes in.

> > thus enhancing the chance of detecting a trojan plugin
>
> The most dangerous plugins for the scanning server are the C plugins
> [1] and the NASL "trusted" plugins [2].

The issue is not only "dangerous for the scanning server", but also dangerous for the scanned systems. Imagine a trojaned plugin not only detecting a remote exploit, but also actively exploiting it to install a backdoor. This is especially dangerous since nessus scan hosts usually have exclusion rules in the intrusion detection systems, and since the nessus scan host might have privileged information to get access to the scanned systems to execute the local plugins, which might include access to a Windows administrator account or to an ssh key that is allowed to execute arbitrary commands on a target system.

> Trusted NASL plugins are signed by Renaud. If you don't trust him, you
> should verify every single line of the C source code: a Trojan horse
> might be hidden here.

I do not intend to express any distrust for Renaud; I just want to explain why there might be situations where it is desired to have the Debian maintainer as another pair of eyes looking at the code.

Greetings
Marc
-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Karlsruhe, Germany | lose things."    Winona Ryder | Fon: *49 721 966 32 15
Nordisch by Nature | How to make an American Quilt | Fax: *49 721 966 31 29
