RE: [PATCH] WinPcap Bug Fixes

["Rob Nicholls" <robert () robnicholls co uk>]

Just spotted that David has already added code that introduces an option to
prevent the silent installer from starting npf!

Here's an updated patch against his revision that should avoid any merge
errors (as my copy of TortoiseSVN couldn't cope with my original patch).

Rob

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org]
On Behalf Of Rob Nicholls
Sent: 15 January 2010 10:48
To: 'Fyodor'
Cc: nmap-dev () insecure org
Subject: [PATCH] WinPcap Bug Fixes

That would definitely explain it! Vista has the same group policy settings
that allow you to elevate without prompting, which is preferable to
disabling UAC entirely; but I'd still recommend people prompt. UAC isn't
that annoying unless you have some dodgy legacy programs.

I've attached a patch that fixes bug #2 and prevents potential bug #3.

The NPF key should be deleted during an uninstall, allowing the default key
to be created if it doesn't already exist, but if an uninstaller can't be
detected it's possible that the key might still exist after the service has
been deleted via the Service Control Manager (but I don't think it should,
as I'm fairly sure that deleting the service during the installation will
remove the registry key if it were to still exist). So bug #3 probably isn't
a bug, but we're making sure it couldn't become one.

The silent installer already matched the default/recommended GUI behaviour
of starting npf immediately and allowing it to start automatically, so
rather than correct bug #1 I've left the code as it is. In fact, it was
never a bug, it was always the desired feature (but people hadn't realised
it yet). That's my excuse ;-)

There's no option to disable the silent installer from creating the
recommended registry setting and starting the service, but as I previously
mentioned it should be possible to use group policy (and/or patch management
solutions) as a workaround. I'll look into adding that functionality though,
and the additional check to ensure NPF isn't still running during the
installation, in a later patch. But this should be good enough for the next
stable release. I've briefly tested it on Windows 7 x64 and it seemed to
work okay.

Rob

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org]
On Behalf Of 'Fyodor'
Sent: 14 January 2010 23:25
To: Rob Nicholls
Cc: nmap-dev () insecure org; 'Richards, Toby'
Subject: Re: Suggestion for Docs

On Thu, Jan 14, 2010 at 11:32:12AM -0000, Rob Nicholls wrote:
> I'm surprised Fyodor was able to run Nmap/Zenmap correctly with the
startup
> option unchecked,

Thanks for elaborating!  I figured out why it works--I had basically
disabled UAC by setting the User Account Control settings slider to the
lowest level as described at [1].  When I set it back to the default level
and reboot, I'm able to reproduce the problem.

I'd like to address this issue before the next stable release (due very
soon).  David is looking at some options now.

> but I think I've identified a few bugs in the WinPcap installer :-S 
> (I've only done a quick code review, I've not run the
> installer):

If you're able to fix any of them soon, there is still time to make it into
the new stable release, which will be the first one since 5.00 in July.

As for our silent installer, I think it should use the same default options
as our non-silent one.  So if our default installer has "start npf at system
startup" checked, I suppose our silent installer should do that by default
too, but provide an option to disable that if desired.

Cheers,
-F

[1]
http://www.iishacks.com/index.php/2009/01/17/disable-user-account-control-ua
c-in-windows-7/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Attachment: winpcap_bug_fixes_v2.diff
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/