Nmap Development mailing list archives
Re: Safe and Intrusive Category confusion
From: David Fifield <david () bamsoftware com>
Date: Tue, 22 Sep 2009 22:52:02 -0600
On Tue, Sep 22, 2009 at 11:22:43PM -0500, Kris Katterjohn wrote:
On 09/22/2009 08:12 PM, David Fifield wrote:On Sat, Sep 19, 2009 at 02:41:07AM -0400, Patrick Donnelly wrote:I just was recently looking through some of the scripts' categories and found some inconsistencies. Some of our scripts do not have an intrusive or safe category. In previous discussions [1], the general consensus was that safe and intrusive would be mutually exclusive categories and each script would be in one of these two categories. I did a check through our scripts to see which scripts were not safe and not intrusive: (I edited one extraneous line out and one should note that the last script, ssh-hostkey.nse is both safe AND intrusive??). I want to go ahead and fix these scripts but wanted to make sure that having each script be "safe" XOR "default" is the way to go?If this is the case, what do you think about deprecating intrusive and using "not safe" instead? I was trying to think of a reason not to have the safe XOR intrusive rule, but I couldn't think of any scripts that would be considered both safe and intrusive, or both not safe and not intrusive.When I was first talking about the mutually exclusive, all encompassing Safe and Intrusive categories, they weren't supposed to be necessary categories for scripts to be placed into. It was more like stressing a script is safe (or whatever), or used when a script didn't really fall into any other category. A script wasn't supposed to require either and not strictly considered either (although it could always fit in one or the other). Dropping Intrusive and using "not safe" doesn't really allow for this. Now every script that is safe must be categorized explicitly as Safe or its would now be implicitly categorized as "intrusive" (not safe). While I guess this may not pose a great concern, it does say that any script not categorized as Safe is thrust into the "category" or "not safe". While this was of course the way it was before, "not safe" != "intrusive" since scripts didn't have to say one way or another. It wasn't required. By this I mean every script should always have fit into Safe or Intrusive, but they didn't have to. Now they do because "not safe" would be equivalent to "intrusive", since this would be all encompassing. Hmm... but after rereading this, I realize I may have been more stuck on rules than practicality :)
I got caught up in this line of thinking too. I had a message half-composed where I was going to claim that some scripts should be neither safe nor intrusive, or that it somehow made sense for ssh-hostkey.nse to be both safe and intrusive. But I couldn't think of any reasons to back it up, and the descriptions of http://nmap.org/book/nse-usage.html#nse-categories suggest that we have been thinking about "not safe" and "intrusive" as the same thing. "Scripts which weren't designed to crash services, use large amounts of network bandwidth or other resources, or exploit security holes are categorized as safe." "[intrusive scripts] are scripts that cannot be classified in the safe category because the risks are too high that they will crash the target system, use up significant resources on the target host (such as bandwidth or CPU time), or otherwise be perceived as malicious by the target's system administrators."
Also: while I doubt anybody likes this idea, if we were to drop one of the categories I think it should be Safe. I think it's more plausible for scripts to be required to explicitly call themselves Intrusive than Safe. You have to make a script "not safe". Besides, Intrusive scripts can do no harm and Safe scripts could accidently cause problems. But I'm sure there are more arguments against this than I can already foretell :)
I see this the exact opposite way--that explict labeling of safe is the way to guard against accidentally running unsafe scripts. If "safe" is the only category and you run --script=safe, and there's a safe script that wasn't put in the "safe" category, the only harm is that one potential script is not run. If "intrusive" is the only category and you run --script="not intrusive", and there's an instrusive script that was mistakenly not put in the "intrusive" category, then you will run an unsafe script. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Safe and Intrusive Category confusion Patrick Donnelly (Sep 18)
- Re: Safe and Intrusive Category confusion Ron (Sep 18)
- Re: Safe and Intrusive Category confusion David Fifield (Sep 22)
- Re: Safe and Intrusive Category confusion Ron (Sep 22)
- Re: Safe and Intrusive Category confusion Kris Katterjohn (Sep 22)
- Re: Safe and Intrusive Category confusion David Fifield (Sep 22)
- Re: Safe and Intrusive Category confusion Kris Katterjohn (Sep 22)
- Re: Safe and Intrusive Category confusion Fyodor (Sep 23)
- Re: Safe and Intrusive Category confusion David Fifield (Sep 27)
- Re: Safe and Intrusive Category confusion Patrick Donnelly (Sep 28)
- Re: Safe and Intrusive Category confusion Fyodor (Sep 28)
- Re: Safe and Intrusive Category confusion David Fifield (Sep 30)