SUMMARY Satan-1.1.1

Charles Harvey (harvey@nmc8.chinalake.navy.mil)
Wed, 05 Mar 1997 07:54:08 -0800

This is a multi-part message in MIME format.

--Boundary_[ID_evqRN+gUxRujyZQASWKq5g]
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit

-- 
 ____________________________________________________________
|                                                            |
|  Sean Harvey   OAO Corp  harvey@nmc8.chinalake.navy.mil    |
|     Ridgecrest CA  (619)939-2199                           |
|                                                            |
|    The future masters of technology will have to be        | 
|  lighthearted and intelligent. The machine easily masters  |
|   the grim and the dumb.  -- Marshall McLuhan, 1969        |
|____________________________________________________________|                                                           
|

--Boundary_[ID_evqRN+gUxRujyZQASWKq5g] Content-type: text/plain; name=summary; charset=us-ascii Content-disposition: inline; filename=summary Content-transfer-encoding: 7bit

> Original Question: > Dear friends, > > I recently installed Satan 1.1.1 on a sunos4.1.3 system and it is > working fine. But I'm a little nervous about it because the install > recommends running it as root. The way I have set it up it will only run > as root. Is anyone using it? Running it as not root? As root? Is it > safe? Why does it have to run as root? Does it have to run as root > when scanning another system? > > Any input would be appreciated > --

==================================================

From: Anderson McCammont <and@ms.com>

review the code and make your own mind up - it seemed okay to me when I looked at it some time ago. From what I remember it needs to open /dev/tcp, and that's about all it needs root for.

==================================================

From: Andrew Lamb <sm@mis.mua.go.th>

> as root. Is anyone using it? Running it as not root? As root? Is it

I don't think there's anything to worry about. The CERT crew (Computer Emergency Response Team), who publish advisories on every exploitable bug found in popular software, have only found one condition under which there is a chance (a very unlikely one) that your computer's security could be compromised when using Satan. Satan uses a web browser, e.g. lynx or Netscape, as it's interface with you. If while you are using Satan you then use the "go" or "open" function of the web browser to access some web page at another site then this exploitable opportunity occurs. CERT have published one or two papers about Satan. Try connecting to www.cert.org or ftp.cert.org and see what they've got.

I've used Satan as root on my Sun Sparc Classic Solaris 2.4 machine. By far the greatest danger of using Satan is that you might scan a host with a touchy system administrator who takes your scan as some sort of insult or attack, and starts trying to attack you back.

> safe? Why does it have to run as root? Does it have to run as root > when scanning another system?

I think some of the requests-to-export filesystems that it sends to other hosts can only be sent by root-run programs.

Andrew

==========================================================

Did you compile it yourself or are you foolishly using one of those bad binaries? Also, run it as a non-root user first to see what it tries. Then run it as root. (Satan has been known to screw up more than a few machines around here.)

Justin Young http://mesun12.engr.subr.edu/~jayoung

--Boundary_[ID_evqRN+gUxRujyZQASWKq5g]--