Re: [PATCH] Experimental SCTP scan support

[doug () hcsw org]

On Sun, Jan 04, 2009 at 07:49:18PM -0800 or thereabouts, Fyodor wrote:
> Sounds like a great feature!  Anyone want to make a patch so that Nmap
> always uses this when available?  It would be good for security, and
> may help us identify bugs which might otherwise go unnoticed (as we
> saw in this case).  Ideally it would cover PCRE and OpenSSL too.

I would except that I'm not familiar enough with autoconf.
You just need to add -D_FORTIFY_SOURCE=2 to the gcc command
lines.

I think most people probably use a pre-compiled SSL and
IIRC systems like oBSD ports use a pre-compiled PCRE too
so nmap might not always be able to fortify those.

> o Can't have a significant performance penalty (I don't think it
>   would, but it is worth a few test scans to make sure).

I'm pretty sure the performance impact especially for a program
like nmap that doesn't use many string functions in its inner
loops will be minimal.

Doug

Attachment: _bin
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org