Mea culpa! I knew I did it :-(
If some user may access the Nessus server machine, he can create a
whisker command, e.g. in his home directory, then execute it by
setting the "directory" to the right value.
I fixed this, whisker has now to be in $PATH.
Shoulnd't we able to configure some plugins into an "insecure" mode
for people who run nessusd and nessus on the same machine where they
have the root password?
If some user may access the Nessus server machine, he can create a
whisker command, e.g. in his home directory, then execute it by
setting the "directory" to the right value.
I fixed this, whisker has now to be in $PATH.
Shoulnd't we able to configure some plugins into an "insecure" mode
for people who run nessusd and nessus on the same machine where they
have the root password?