Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Privilege checks in broadcast-* scripts

From: Henri Doreau <henri.doreau () greenbone net>
Date: Fri, 13 Jan 2012 15:00:16 +0100
Hi Patrik,

2012/1/13 Patrik Karlsson <patrik () cqure net>:

Good catch Henri. But is the rootfail check really necessary? According to
my understanding and nsedoc the prerule scripts only run once: "prerule
scripts run once, before any hosts are scanned, during the script
pre-scanning phase."


you're right, for these three prerule scripts we can probably avoid
bloating the registry with the rootfail check.


In regards to the checks in the action code, I initially thought we could
remove them. Then I remembered the force patch that we introduced recently
and realized that we probably need them in the action method too.


That's also my concern. On the other hand if someone forces the
execution of a script it's maybe better to let the code run. An error
will be raised anyway if nmap can't open the pcap descriptor at all.

I would suggest that we perform the checks in the prerules, and make
them display the "<script> not running for lack of privileges."
message, for consistency.

Regards.

-- 
Henri
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: