Nmap Development mailing list archives

Nmap ideas thrown around on IRC


From: doug () hcsw org
Date: Tue, 22 Apr 2008 11:44:54 -0700

Hi nmap-dev,

Here are some snippets from a conversation between me (Fractal)
and Diman (HET2) with some nmap ideas:

<HET2> if i was a student this soc
<HET2> i'd have applied for the mobile nmap stuff
<HET2> nmap on my nds /me muses
<Fractal> ya that would be fun
<Fractal> i wouldn't mind seeing priv. sep. in nmap
<HET2> priv sep?
<HET2> what's that
<Fractal> privilege separation
<Fractal> so instead of doing scans as root it would fork off a process, chroot(), drop UID/GID
<Fractal> possibly set NOFILE rlimit to 0 so it can't open more sockets
<Fractal> and return results to root process via a pipe(2)
<HET2> hmm
<Fractal> just in case any bugs discovered in nmap
<HET2> what's the advantage
<HET2> yeah well, the forked process will run as root, wouldn't it
<HET2> :)
<Fractal> you aren't running a potentially vulnerable process as root
<Fractal> not necessarily
<Fractal> you could open the necessary pcap/dnet descriptors
<Fractal> and then drop privileges and run as nobody
<HET2> hmm
<HET2> that sounds like a good idea
<HET2> only thing is
<HET2> i've seen the sources to Nsock
<HET2> and i doubt anyone would find it fun to work on them
<Fractal> hmm.. well nsock prolly wouldn't need to be changed..
<Fractal> but ya i agree would be a lot of work
<HET2> it would be outside of nsock?
<Fractal> well nsock is mostly just a callback library that will work fine no matter the UID of the process
<HET2> it's probably a very good idea
<HET2> but
<Fractal> like i'm thinking the fork() would take place before starting NSE for instance
<HET2> i'd much rather have someone rewrite output.cc
<Fractal> yes!
<HET2> and NmapTable.cc
<Fractal> that code is awful
<Fractal> output.cc i mean
<Fractal> hack after hack and it shows :)
<HET2> fyodor should have made the table row wise, not col wise
<HET2> it would have solved so much woes
<HET2> also
<Fractal> ya.. i think we should have some sort of DOM-like data structure
<HET2> real xml support would be neat also
<HET2> yeah
<Fractal> host["localhost"].state = "UP";
<Fractal> host["localhost"].tcp.port[80].state = "FILTERED";
<HET2> printf("<port state=\"%s\"/>", state)
<HET2> !!!
<Fractal> heh ya it's pretty smelly :)
<HET2> if tim berners lee saw that we'd be out of the window
<Fractal> haha
<HET2> actually
<HET2> i've been pondering
<HET2> if it isn't a good idea to make all the output in lua
<Fractal> mind if I cc nmap-dev a log of these ideas?
<HET2> not at all
<Fractal> wut you mean re: lua output?
<HET2> have output.cc in lua
<HET2> you give the lua interpreter a data structure with the results
<HET2> and lua constructs the output
<Fractal> interesting.. what's the advantage?
<HET2> you get the advantage of anonymous functions and all that
<HET2> it's not like it is performance critical

...

<jurand> afternoon
<HET2> i am wondering if patrick will fix the scheduling problems
<Fractal> jurand - hello
<HET2> nse gets into endless loops sometimes and we still don't know why exactly
<HET2> hi jurand
<Fractal> interesting.. hopefully the debugger will help
<HET2> not really
<HET2> it's some awkward concurrency issue
<Fractal> oh i see.. ya those can be very hard to track down


Come visit us on #nmap @ EFnet (efnet.demon.co.uk irc.prison.net
efnet.xs4all.nl etc).

Doug (Fractal)

Attachment: signature.asc
Description: Digital signature
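The privilege-separation pattern sketched in the log above (open the privileged descriptors first, fork, chroot the worker, drop UID/GID, set RLIMIT_NOFILE to 0, and pass results back to the root process over a pipe) as a self-contained C example. This is added illustration code, not anything from Nmap or from the people quoted; the jail directory is a temporary directory created for the run, the target uid/gid of 65534 ("nobody") is an assumption, and the port/state the child reports is a constructed stand-in for real scan logic. The chroot and uid/gid drop only take effect when the program runs as root; the descriptor limit applies either way, and the child verifies it by confirming that socket() now fails.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Record the unprivileged child hands back over the pipe.
 * port/state are constructed demo values, not real scan data. */
struct scan_result {
    int  port;
    char state[16];
    int  new_socket_blocked;   /* 1 if socket() failed once RLIMIT_NOFILE was 0 */
    int  jailed;               /* 1 if chroot() and the uid/gid drop were applied */
};

/* Lock the child down after any privileged descriptors have been opened:
 * chroot into an empty directory, drop to an unprivileged uid/gid, then set
 * RLIMIT_NOFILE to 0 so no new descriptors (sockets included) can be created.
 * Already-open descriptors, such as the result pipe, keep working. */
static int lock_down_child(const char *jail, uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {                     /* jail + uid drop need root */
        if (chroot(jail) != 0 || chdir("/") != 0) return -1;
        if (setgroups(0, NULL) != 0) return -1;
        if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
        if (setuid(0) == 0) return -1;        /* regaining root must fail */
    }
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_NOFILE, &rl) == 0 ? 0 : -1;
}

/* Fork an unprivileged worker, collect its result through a pipe.
 * Returns 0 on success and fills *out; -1 if the worker failed. */
static int run_privsep_scan(struct scan_result *out)
{
    char jail[] = "/tmp/privsep-demo-XXXXXX";   /* assumed jail location */
    if (mkdtemp(jail) == NULL) return -1;

    int fds[2];
    if (pipe(fds) != 0) { rmdir(jail); return -1; }

    pid_t pid = fork();
    if (pid < 0) { rmdir(jail); return -1; }

    if (pid == 0) {
        /* ---- child: the untrusted worker ---- */
        close(fds[0]);
        struct scan_result r;
        memset(&r, 0, sizeof r);
        r.jailed = (geteuid() == 0);
        if (lock_down_child(jail, 65534, 65534) != 0) _exit(1);

        /* A bug from here on runs unprivileged and cannot open new sockets. */
        int s = socket(AF_INET, SOCK_STREAM, 0);
        r.new_socket_blocked = (s < 0 && errno == EMFILE);
        if (s >= 0) close(s);

        r.port = 80;                                  /* constructed result */
        strncpy(r.state, "filtered", sizeof r.state - 1);

        /* The inherited pipe is the only channel back to the parent. */
        const char *p = (const char *)&r;
        size_t left = sizeof r;
        while (left > 0) {
            ssize_t n = write(fds[1], p, left);
            if (n < 0) { if (errno == EINTR) continue; _exit(1); }
            p += n; left -= (size_t)n;
        }
        _exit(0);
    }

    /* ---- parent: keeps its privileges, only reads the result ---- */
    close(fds[1]);
    char *p = (char *)out;
    size_t left = sizeof *out;
    while (left > 0) {
        ssize_t n = read(fds[0], p, left);
        if (n < 0) { if (errno == EINTR) continue; break; }
        if (n == 0) break;
        p += n; left -= (size_t)n;
    }
    close(fds[0]);
    rmdir(jail);

    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (left != 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    out->state[sizeof out->state - 1] = '\0';
    return 0;
}

int main(void)
{
    struct scan_result r;
    if (run_privsep_scan(&r) != 0) { perror("run_privsep_scan"); return 1; }
    printf("port %d: %s (jailed=%d, new sockets blocked=%d)\n",
           r.port, r.state, r.jailed, r.new_socket_blocked);
    return 0;
}
```

The order matters: anything the worker legitimately needs (here only the pipe; in a scanner it would be the pcap and raw-socket descriptors) is opened before lock_down_child(), because once RLIMIT_NOFILE is 0 nothing new can be opened. The parent treats the bytes from the pipe as untrusted input and only accepts a complete record from a child that exited cleanly.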


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
