Nmap Development mailing list archives
Re: Safe and Intrusive Category confusion
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 22 Sep 2009 23:22:43 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/22/2009 08:12 PM, David Fifield wrote:
On Sat, Sep 19, 2009 at 02:41:07AM -0400, Patrick Donnelly wrote:I just was recently looking through some of the scripts' categories and found some inconsistencies. Some of our scripts do not have an intrusive or safe category. In previous discussions [1], the general consensus was that safe and intrusive would be mutually exclusive categories and each script would be in one of these two categories. I did a check through our scripts to see which scripts were not safe and not intrusive: (I edited one extraneous line out and one should note that the last script, ssh-hostkey.nse is both safe AND intrusive??). I want to go ahead and fix these scripts but wanted to make sure that having each script be "safe" XOR "default" is the way to go?If this is the case, what do you think about deprecating intrusive and using "not safe" instead? I was trying to think of a reason not to have the safe XOR intrusive rule, but I couldn't think of any scripts that would be considered both safe and intrusive, or both not safe and not intrusive.
When I was first talking about the mutually exclusive, all encompassing Safe and Intrusive categories, they weren't supposed to be necessary categories for scripts to be placed into. It was more like stressing a script is safe (or whatever), or used when a script didn't really fall into any other category. A script wasn't supposed to require either and not strictly considered either (although it could always fit in one or the other). Dropping Intrusive and using "not safe" doesn't really allow for this. Now every script that is safe must be categorized explicitly as Safe or its would now be implicitly categorized as "intrusive" (not safe). While I guess this may not pose a great concern, it does say that any script not categorized as Safe is thrust into the "category" or "not safe". While this was of course the way it was before, "not safe" != "intrusive" since scripts didn't have to say one way or another. It wasn't required. By this I mean every script should always have fit into Safe or Intrusive, but they didn't have to. Now they do because "not safe" would be equivalent to "intrusive", since this would be all encompassing. Hmm... but after rereading this, I realize I may have been more stuck on rules than practicality :) Also: while I doubt anybody likes this idea, if we were to drop one of the categories I think it should be Safe. I think it's more plausible for scripts to be required to explicitly call themselves Intrusive than Safe. You have to make a script "not safe". Besides, Intrusive scripts can do no harm and Safe scripts could accidently cause problems. But I'm sure there are more arguments against this than I can already foretell :)
David Fifield
Cheers, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIcBAEBAgAGBQJKuaKTAAoJEEQxgFs5kUfuhSIP/0Bk+GcP9lQ/uWqlxho0LUxy mOd8tOj50H48vF25IU+7pnQ0gvxtduWsrZVCuFRwFEl47eM/OT3KDpOP3rUfNiVC jI4pGTaeOl8EMlH1sGKSxl9/bGQFdkckPQ0WbKo97HGIDORpAuwGqdHeBlEAtx5f riZZg70Wo71iGSHHm+T/cLBuQjy6srb3A4opEy4x30B85TNjnv9HS4Rmi2MovWoi E17qGITaJbV3ihZ69lrpq9iH2DP4bleNIayvySJlgCNettfYu3/Yajm9r5JD0s2x +Ya89n1lkKrYr54C8sEi5T89TS2We4dhETI4qyZkjIUoEdYEdFqOw6MlOIlgBwqc 8c6P5/HDGRRBt528kKlhT8ML7ouNQrbacEoBkuChewcETnpMhoq3JSPtT9/fL8+G Gw3FiuaIrdopFsPq+MWjxnKF2FA678yOfW0CxbcDHrnMKsiLLcaTkdTXIrO9Zjg5 YO4igZfxSm3ovXKFyMsoHfdkvkUcj+Pyn+8tWB3BpBV76PeF77gDY6T8Vd/TtaG5 VNdYitp3Wxw+KedVDWIZg5HxHVA8FMSB7cDMGEcuGCzKTaocDuGwlHOs3piJsgqF EevCCHVj7qNCduKvhgLklojUN3yHkn1edlL/NRYtmf2CMuaUAqWpmhvGf5HIbTfm Wi7HA5UeGp6oxxIcEar6 =mmAD -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Safe and Intrusive Category confusion Patrick Donnelly (Sep 18)
- Re: Safe and Intrusive Category confusion Ron (Sep 18)
- Re: Safe and Intrusive Category confusion David Fifield (Sep 22)
- Re: Safe and Intrusive Category confusion Ron (Sep 22)
- Re: Safe and Intrusive Category confusion Kris Katterjohn (Sep 22)
- Re: Safe and Intrusive Category confusion David Fifield (Sep 22)
- Re: Safe and Intrusive Category confusion Kris Katterjohn (Sep 22)
- Re: Safe and Intrusive Category confusion Fyodor (Sep 23)
- Re: Safe and Intrusive Category confusion David Fifield (Sep 27)
- Re: Safe and Intrusive Category confusion Patrick Donnelly (Sep 28)
- Re: Safe and Intrusive Category confusion Fyodor (Sep 28)
- Re: Safe and Intrusive Category confusion David Fifield (Sep 30)