Nmap Development mailing list archives
Updater Proposal
From: "Colin L. Rice" <ricec2 () rpi edu>
Date: Sun, 15 May 2011 20:28:02 -0400
Hello Everyone,

I'm Colin, one of the new GSOC students. As part of my task I want to implement an auto-updater for nmap. However, before I write it I need to figure out how to implement it and how limited it is. So I have been researching this and would like to present a couple of options for discussion.

We first have two choices:

1) Write an updater which only touches the platform-independent files such as the Lua and NSE libraries as well as nmap-service-probes, nmap-services, nmap-os-db. This could be used not only to update old versions of nmap but also to update users to the latest scripts, services, and OS probes without updating the entire nmap library, allowing new changes to be distributed quickly.

2) Write an updater which updates everything. This simplifies worrying about whether the scripts will work with the current version, but you do have to make sure you are getting the correct binary.

Once you have made those choices you have to decide how you wish to ensure download integrity. There are again a couple of options:

1) Use a framework such as TUF, which is set up to basically handle hostile attack gracefully and can deal with everything from compromised keys, hostile mirrors, and man-in-the-middle attacks.
https://www.updateframework.com/browser/specs/tuf-spec.txt

2) Use a simpler system which is wrapped around bsdiff or courgette, where all that is maintained is that the patches are signed by the correct source, that the patches are newer than the current version, and that there has been no corruption during transmission.

After talking with my mentor it sounds like the best idea is to write an updater which is separate from nmap and uses TUF as a framework. Additionally we should just update everything in order to avoid lots of very different bugs arising from the binaries not being updated.

One potential issue is I have not found a way to get TUF to pull different binaries depending on the platform. It may be built in and I haven't spotted it, or I could modify TUF in order to accommodate that.

Any Thoughts?

-Colin Rice

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
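The "simpler system" Colin sketches in his second integrity option reduces to three client-side checks (signed by the right source, newer than what is installed, uncorrupted in transit), plus the per-platform selection he raises at the end. The following Go program is an added example written for this archive page, not code from Colin, nmap, or TUF; the manifest format, the Ed25519 publisher key, the `linux-x86_64`/`windows-x86_64` platform strings and the payload bytes are all assumptions constructed for the demonstration. It shows why the signature must cover the manifest (version, platform, payload digest) rather than the payload alone, and why the checks run in that order: a mirror that edits the version or swaps the payload is caught before anything it controls is acted on. What it deliberately does not cover is what TUF's extra metadata exists for, such as recovering from a compromised signing key or detecting a mirror that withholds new releases.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// Manifest is the signed description of one update (hypothetical format).
// The client trusts only what the signed manifest says about the payload.
type Manifest struct {
	Version  uint64   // release counter; must strictly increase
	Platform string   // e.g. "linux-x86_64"; client accepts only its own
	SHA256   [32]byte // digest of the payload (patch or full archive)
}

// encode produces the exact bytes that get signed. The platform string is
// length-prefixed so two different manifests never encode identically.
func (m Manifest) encode() []byte {
	var hdr [10]byte
	binary.BigEndian.PutUint64(hdr[:8], m.Version)
	binary.BigEndian.PutUint16(hdr[8:], uint16(len(m.Platform)))
	buf := append(hdr[:], m.Platform...)
	return append(buf, m.SHA256[:]...)
}

// SignedUpdate is what a mirror hands the client: manifest, signature, payload.
type SignedUpdate struct {
	Manifest  Manifest
	Signature []byte
	Payload   []byte
}

var (
	ErrBadSignature  = errors.New("manifest signature does not verify against publisher key")
	ErrWrongPlatform = errors.New("manifest is for a different platform")
	ErrRollback      = errors.New("manifest version is not newer than installed version")
	ErrCorrupt       = errors.New("payload digest does not match signed manifest")
)

// Verify enforces, in order: publisher signature, platform match,
// anti-rollback, payload integrity. Nothing in the manifest is acted on
// before its signature checks out, so a mirror cannot usefully edit it.
func Verify(pub ed25519.PublicKey, installed uint64, platform string, u SignedUpdate) error {
	if !ed25519.Verify(pub, u.Manifest.encode(), u.Signature) {
		return ErrBadSignature
	}
	if u.Manifest.Platform != platform {
		return ErrWrongPlatform
	}
	if u.Manifest.Version <= installed {
		return ErrRollback
	}
	if sha256.Sum256(u.Payload) != u.Manifest.SHA256 {
		return ErrCorrupt
	}
	return nil
}

// Publish is the publisher's side: hash the payload and sign the manifest.
func Publish(priv ed25519.PrivateKey, version uint64, platform string, payload []byte) SignedUpdate {
	m := Manifest{Version: version, Platform: platform, SHA256: sha256.Sum256(payload)}
	return SignedUpdate{Manifest: m, Signature: ed25519.Sign(priv, m.encode()), Payload: payload}
}

// RunScenarios runs Verify against the cases the updater must survive and
// returns the outcome of each. Keys and payload are constructed test data.
func RunScenarios() (map[string]error, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	_, roguePriv, err := ed25519.GenerateKey(rand.Reader) // not the publisher
	if err != nil {
		return nil, err
	}
	const platform = "linux-x86_64"
	payload := []byte("constructed stand-in for an nmap update archive")
	good := Publish(priv, 2, platform, payload)

	r := map[string]error{}
	r["genuine update"] = Verify(pub, 1, platform, good)
	tampered := good // mirror serves a corrupted or altered payload
	tampered.Payload = append([]byte("x"), payload...)
	r["tampered payload"] = Verify(pub, 1, platform, tampered)
	r["rollback"] = Verify(pub, 2, platform, good) // replay of the current release
	forged := good // version bumped in transit without the publisher key
	forged.Manifest.Version = 99
	r["forged manifest"] = Verify(pub, 1, platform, forged)
	r["wrong signer"] = Verify(pub, 1, platform, Publish(roguePriv, 3, platform, payload))
	r["wrong platform"] = Verify(pub, 1, "windows-x86_64", good) // other OS build offered
	return r, nil
}
```

`RunScenarios` is the usage: it publishes release 2, then replays it against a client on release 1 and against the five failure cases. Because the digest is inside the signed manifest, a corrupted download and a malicious substitution are indistinguishable to the client and both fail the same way, which is the property the bsdiff/courgette option relies on.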
Current thread:
- Updater Proposal Colin L. Rice (May 15)
- Re: Updater Proposal alexandru (May 16)
- Re: Updater Proposal David Fifield (May 16)
- Re: Updater Proposal Fyodor (May 18)
- Re: Updater Proposal Colin L. Rice (May 18)
- Re: Updater Proposal olli hauer (May 18)
- Re: Updater Proposal Marek Lukaszuk (May 19)
- Re: Updater Proposal David Fifield (May 19)
- Re: Updater Proposal Daniel Roethlisberger (May 19)
- Re: Updater Proposal Shinnok (May 19)
- Re: Updater Proposal Fyodor (May 18)
- <Possible follow-ups>
- Re: Updater Proposal ricec2 (May 19)