Nmap Development mailing list archives
Jacek's status report - #15 of 16
From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Tue, 17 Sep 2013 00:56:14 +0200
Hi guys, This week I was told to play with other tasks around Ncat while David experiments with his copy of ncat-sa-take2. Most of my work this week was about httpd.lua and discussing design details of my socket abstractions implementation. Accomplishments: * Got rid of connections[] and connection_roots[] global tables, at least until we find a clearer interface for that. I pretty much re-read all my code, looking for things to throw out or simplify. I fixed and merged in some of David's patches that provided useful utility functions which made code easier to read. * Since there was some confusion around the initialization phase of my code, I documented it in detail on secwiki. This can be found here: https://secwiki.org/w/Ncat/Socket_abstractions#Initialization * Had a lengthy meeting with David, then with Patrick. And then on the next day, again. These guys actually devoted six hours of their time in total to me. Both David and Patrick gave me a lot of valuable feedback on how could the features could be made easier or more stable/efficient. * Started my implementation of --lua-exec scripts lookup in installation directory. Currently, it looks for the file in a directory relative to the binary executable's path. On Windows, it's .\ncat_scripts, on Unix it's ../share/ncat/scripts. Modified the Makefile to include httpd.lua and whatismyip.lua scripts and the NSIS scripts to make it work on both Unix and Windows. This can be found in my luaexec-lookup branch, waiting to be reviewed. * Re-organized the logs from the meetings with David and Patrick into a TODO that can be found on Secwiki (https://secwiki.org/w/Ncat-Lua/TODO). Done some of the easy changes already. * Did some of research on Windows path traversal, looking for more ways to secure httpd.lua. Discussed this topic with David again and implemented some of his new suggestions (waiting for review as well). * Checked out the David's new 16 commits in his copy of ncat-sa-take2 branch so I will be prepared to discuss it during the next meeting. * Wrote a --color-input patch which can be found here: http://seclists.org/nmap-dev/2013/q3/586 * Wrote some more user-friendly documentation on socket abstractions. Since all the three groups will surely be looking for different things, the new manual is split into user's guide, developer's guide and Ncat hacker's guide. Priorities: * Since David said that the last week should be mostly about relaxation, my plan is to do some things that I was behind with during GSoC. Perhaps I'll write my “slacker” proposal for the next GSoC? * Polish httpd.lua and luaexec-lookup, should there be any things that need fixing found during review. Hopefully there won't be much to be done here. * Write a summary on what I've done during my very first (and surely not last!) Google Summer of Code. Yours, Jacek Wielemborek _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Jacek's status report - #15 of 16 Jacek Wielemborek (Sep 16)