Jacek's status report - #15 of 16

[Jacek Wielemborek <wielemborekj1 () gmail com>]

Hi guys,

This week I was told to play with other tasks around Ncat while David
experiments with his copy of ncat-sa-take2. Most of my work this week
was about httpd.lua and discussing design details of my socket
abstractions implementation.

Accomplishments:

* Got rid of connections[] and connection_roots[] global tables, at
least until we find a clearer interface for that. I pretty much
re-read all my code, looking for things to throw out or simplify. I
fixed and merged in some of David's patches that provided useful
utility functions which made code easier to read.

* Since there was some confusion around the initialization phase of my
code, I documented it in detail on secwiki. This can be found here:
https://secwiki.org/w/Ncat/Socket_abstractions#Initialization

* Had a lengthy meeting with David, then with Patrick. And then on the
next day, again. These guys actually devoted six hours of their time
in total to me. Both David and Patrick gave me a lot of valuable
feedback on how could the features could be made easier or more
stable/efficient.

* Started my implementation of --lua-exec scripts lookup in
installation directory. Currently, it looks for the file in a
directory relative to the binary executable's path. On Windows, it's
.\ncat_scripts, on Unix it's ../share/ncat/scripts. Modified the
Makefile to include httpd.lua and whatismyip.lua scripts and the NSIS
scripts to make it work on both Unix and Windows. This can be found in
my luaexec-lookup branch, waiting to be reviewed.

* Re-organized the logs from the meetings with David and Patrick into
a TODO that can be found on Secwiki
(https://secwiki.org/w/Ncat-Lua/TODO). Done some of the easy changes
already.

* Did some of research on Windows path traversal, looking for more
ways to secure httpd.lua. Discussed this topic with David again and
implemented some of his new suggestions (waiting for review as well).

* Checked out the David's new 16 commits in his copy of ncat-sa-take2
branch so I will be prepared to discuss it during the next meeting.

* Wrote a --color-input patch which can be found here:
http://seclists.org/nmap-dev/2013/q3/586

* Wrote some more user-friendly documentation on socket abstractions.
Since all the three groups will surely be looking for different
things, the new manual is split into user's guide, developer's guide
and Ncat hacker's guide.

Priorities:

* Since David said that the last week should be mostly about
relaxation, my plan is to do some things that I was behind with during
GSoC. Perhaps I'll write my “slacker” proposal for the next GSoC?

* Polish httpd.lua and luaexec-lookup, should there be any things that
need fixing found during review. Hopefully there won't be much to be
done here.

* Write a summary on what I've done during my very first (and surely
not last!) Google Summer of Code.

Yours,
Jacek Wielemborek
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/