Re: Sandboxing Techniques for Nmap in the Cloud

[jrf <jay.fink () gmail com>]

On Tue, May 04, 2010 at 07:38:49AM +0300, Henri Salo wrote:
> On Tue, 4 May 2010 00:08:48 -0400
> Patrick Donnelly <batrick () batbytes com> wrote:
>
> > This is part of Alexandru's Cloud GSoC project [1]. I wondered what
> > everyone's thoughts were on sandboxing Nmap? I figure this has
> > particular importance with respect to NSE and misbehaving scripts. A
> > current evolving practice in distributed computing research is to
> > setup virtual machines dynamically that can do work. My feeling is
> > that we could setup something similar that launches VMs so Nmap can
> > run with root access while not being able to compromise the host. I
> > envision it using a distributed VM creator like Eucalyptus to
> > accomplish this.
> >
> > [1] http://seclists.org/nmap-dev/2010/q2/350
>
> This sounds good. I can test it once you have working model.  Please
> contact me when needed.

Seconded. I actually did something similar to this today. I created a
virtualbox vm to run openvas, as soon as I had a report I shut it
down. 

 j
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/