Nmap Development mailing list archives
[PATCH] prevent NSE initialization when no scripts are to be used
From: Solar Designer <solar () openwall com>
Date: Sat, 18 Jul 2009 16:23:30 +0400
Hi, In the Owl package of Nmap, we're patching "nmap" to chroot to /var/empty "whenever possible". Previously, this meant "when running as root and with the -n option" (indeed, our patched "nmap" would also drop root privs upon obtaining the raw socket). We've just started building Nmap with NSE support enabled, and this broke our "drop privs" patch for the case mentioned above. It turns out that Nmap would try to load the NSE libraries and scripts even when those are not to be used (at least in our current understanding), and this sounds like a bug to us even if the "drop privs" patch is not there. Michail Litvak has developed a patch (attached) to prevent NSE initialization when no scripts are to be used. We'd appreciate a review and any comments, and if our understanding and the patch are correct, we'd appreciate the patch getting applied upstream. As to the "drop privs" patch, Michail has updated it to initialize NSE (when needed) prior to dropping privs, but that's a separate topic, and we do not expect this patch to be accepted upstream in its current Unix-only form. Our patches may be seen at: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/nmap/ Thanks, Alexander
Attachment:
nmap-5.00-owl-nse_open.diff
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] prevent NSE initialization when no scripts are to be used Solar Designer (Jul 18)
- Re: [PATCH] prevent NSE initialization when no scripts are to be used Patrick Donnelly (Jul 18)
- Re: [PATCH] prevent NSE initialization when no scripts are to be used Solar Designer (Jul 18)
- Re: [PATCH] prevent NSE initialization when no scripts are to be used Solar Designer (Jul 18)
- Re: [PATCH] prevent NSE initialization when no scripts are to be used David Fifield (Jul 18)
- Re: [PATCH] prevent NSE initialization when no scripts are to be used Solar Designer (Jul 19)
- Re: [PATCH] prevent NSE initialization when no scripts are to be used Solar Designer (Jul 18)
- Re: [PATCH] prevent NSE initialization when no scripts are to be used Patrick Donnelly (Jul 18)