[PATCH] WinPcap Bug Fixes

["Rob Nicholls" <robert () robnicholls co uk>]

That would definitely explain it! Vista has the same group policy settings
that allow you to elevate without prompting, which is preferable to
disabling UAC entirely; but I'd still recommend people prompt. UAC isn't
that annoying unless you have some dodgy legacy programs.

I've attached a patch that fixes bug #2 and prevents potential bug #3.

The NPF key should be deleted during an uninstall, allowing the default key
to be created if it doesn't already exist, but if an uninstaller can't be
detected it's possible that the key might still exist after the service has
been deleted via the Service Control Manager (but I don't think it should,
as I'm fairly sure that deleting the service during the installation will
remove the registry key if it were to still exist). So bug #3 probably isn't
a bug, but we're making sure it couldn't become one.

The silent installer already matched the default/recommended GUI behaviour
of starting npf immediately and allowing it to start automatically, so
rather than correct bug #1 I've left the code as it is. In fact, it was
never a bug, it was always the desired feature (but people hadn't realised
it yet). That's my excuse ;-)

There's no option to disable the silent installer from creating the
recommended registry setting and starting the service, but as I previously
mentioned it should be possible to use group policy (and/or patch management
solutions) as a workaround. I'll look into adding that functionality though,
and the additional check to ensure NPF isn't still running during the
installation, in a later patch. But this should be good enough for the next
stable release. I've briefly tested it on Windows 7 x64 and it seemed to
work okay.

Rob

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org]
On Behalf Of 'Fyodor'
Sent: 14 January 2010 23:25
To: Rob Nicholls
Cc: nmap-dev () insecure org; 'Richards, Toby'
Subject: Re: Suggestion for Docs

On Thu, Jan 14, 2010 at 11:32:12AM -0000, Rob Nicholls wrote:
> I'm surprised Fyodor was able to run Nmap/Zenmap correctly with the
startup
> option unchecked,

Thanks for elaborating!  I figured out why it works--I had basically
disabled UAC by setting the User Account Control settings slider to
the lowest level as described at [1].  When I set it back to the
default level and reboot, I'm able to reproduce the problem.

I'd like to address this issue before the next stable release (due
very soon).  David is looking at some options now.

> but I think I've identified a few bugs in the WinPcap
> installer :-S (I've only done a quick code review, I've not run the
> installer):

If you're able to fix any of them soon, there is still time to make it
into the new stable release, which will be the first one since 5.00 in
July.

As for our silent installer, I think it should use the same default
options as our non-silent one.  So if our default installer has "start
npf at system startup" checked, I suppose our silent installer should
do that by default too, but provide an option to disable that if
desired.

Cheers,
-F

[1]
http://www.iishacks.com/index.php/2009/01/17/disable-user-account-control-ua
c-in-windows-7/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Attachment: winpcap_bug_fixes.diff
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/