Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

[bug] Zenmap crashes and more bugs related to ~/.nmap/scripts/ directory

From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 23 Mar 2012 16:07:46 -0500
List,
Ran into a Zenmap crash on my system caused by having a ~/.nmap/scripts/ directory without a scripts.db file in it. This is the trace I got when trying to open the profile editor (latest svn):
File "/usr/local/lib/python2.6/dist-packages/zenmapGUI/ScriptInterface.py", line 277, in script_list_timer_callback 
    callback(True, process)
File "/usr/local/lib/python2.6/dist-packages/zenmapGUI/ScriptInterface.py", line 286, in initial_script_list_cb 
    if status and self.handle_initial_script_list_output(process):
File "/usr/local/lib/python2.6/dist-packages/zenmapGUI/ScriptInterface.py", line 315, in handle_initial_script_list_output for entry in get_script_entries(handler.scripts_dir, handler.nselib_dir): File "/usr/local/lib/python2.6/dist-packages/zenmapCore/ScriptMetadata.py", line 420, in get_script_entries 
    scriptdb = ScriptDB(os.path.join(scripts_dir, "script.db"))
File "/usr/local/lib/python2.6/dist-packages/zenmapCore/ScriptMetadata.py", line 113, in __init__ 
    self.f = open(script_db_path, "r")
IOError: [Errno 2] No such file or directory: u'/root/.nmap/scripts/script.db' 

As an added bonus, clicking the "copy" button gives this traceback:


Traceback (most recent call last):
File "/usr/local/lib/python2.6/dist-packages/zenmapGUI/CrashReport.py", line 182, in copy 
    clipboard.set_text(self.get_description())
AttributeError: 'CrashReport' object has no attribute 'get_description'
The bug got me thinking about how Nmap handles the script database, and the use of the cnse.fetchfile_absolute function. As a test, I ran `sudo nmap --script-update` and sure enough, it created /root/.nmap/scripts/script.db, which only contained one testing script. Running `sudo nmap --script-help all` after this only shows that one script, which is not correct. Here are some thoughts on ways ahead: 

  1. Enable multiple script databases, one for each scripts directory
     location. Could be useful, and would let users add their own
     scripts to their own database and call them by category, not
     requiring root access to updatedb. Could also be difficult and
     nightmarish to implement, haven't looked at the source. Also would
     have to handle the case of root having its own home-dir-version vs
     the systemwide one.
  2. Only look in the installation directory for the scripts.db file.
     Less flexible, and may be more difficult than the current
     cnse.fetchfile_absolute method we use currently.
  3. Look for an existing script.db file first before creating a new
     one. Keeps --script-updatedb as a root-only function.
I'd like to hear others' ideas on this. I think it may be tangentially related to the issue I brought up before about using the process's EUID instead of the $HOME environment variable to find the personal nmap directory (http://seclists.org/nmap-dev/2012/q1/108). 

Dan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: