SUMMARY Satan-1.1.1

From: Charles Harvey (harvey@nmc8.chinalake.navy.mil)
Date: Wed Mar 05 1997 - 09:54:08 CST


-- 
 ____________________________________________________________
|                                                            |
|  Sean Harvey   OAO Corp  harvey@nmc8.chinalake.navy.mil    |
|     Ridgecrest CA  (619)939-2199                           |
|                                                            |
|    The future masters of technology will have to be        | 
|  lighthearted and intelligent. The machine easily masters  |
|   the grim and the dumb.  -- Marshall McLuhan, 1969        |
|____________________________________________________________|                                                           

> Original Question:
> Dear friends,
>
> I recently installed Satan 1.1.1 on a sunos4.1.3 system and it is
> working fine. But I'm a little nervous about it because the install
> recommends running it as root. The way I have set it up it will only run
> as root. Is anyone using it? Running it as not root? As root? Is it
> safe? Why does it have to run as root? Does it have to run as root
> when scanning another system?
>
> Any input would be appreciated
> --

==================================================

From: Anderson McCammont <and@ms.com>

Review the code and make your own mind up - it seemed okay to me when I
looked at it some time ago. From what I remember it needs to open /dev/tcp,
and that's about all it needs root for.

==================================================

From: Andrew Lamb <sm@mis.mua.go.th>

> as root. Is anyone using it? Running it as not root? As root? Is it

I don't think there's anything to worry about. The CERT crew (Computer
Emergency Response Team), who publish advisories on every exploitable bug
found in popular software, have only found one condition under which
there is a chance (a very unlikely one) that your computer's security could
be compromised when using Satan. Satan uses a web browser, e.g. lynx or
Netscape, as its interface with you. If while you are using Satan you
then use the "go" or "open" function of the web browser to access some
web page at another site then this exploitable opportunity occurs. CERT
have published one or two papers about Satan. Try connecting to
www.cert.org or ftp.cert.org and see what they've got.

I've used Satan as root on my Sun Sparc Classic Solaris 2.4 machine.
By far the greatest danger of using Satan is that you might scan a host
with a touchy system administrator who takes your scan as some sort of
insult or attack, and starts trying to attack you back.

> safe? Why does it have to run as root? Does it have to run as root
> when scanning another system?

I think some of the requests-to-export filesystems that it sends to other
hosts can only be sent by root-run programs.

Andrew

==========================================================

Did you compile it yourself or are you foolishly using one of those bad
binaries? Also, run it as a non-root user first to see what it tries.
Then run it as root. (Satan has been known to screw up more than a few
machines around here.)

Justin Young http://mesun12.engr.subr.edu/~jayoung


