Date: Wed, 4 May 2011 02:11:54 +0400 From: Solar Designer <solar@...nwall.com> To: owl-dev@...ts.openwall.com Subject: Re: Nmap 5.51 Hi, I'm sorry for the delayed response. Please see below: On Mon, Apr 18, 2011 at 02:21:34AM +0100, Djalal Harouni wrote: > I was reviewing the Owl Nmap patch  to drop privileges, and I've > noticed that the Script Pre-scanning phase will run before dropping > privileges, actually there are two issues. > > Some background: > The Script Pre-scanning phase is a new NSE (Nmap Scripting Engine) > scan phase which occurs before Nmap starts classic scanning. Scripts in > this phase can do host/network discovery stuff (broadcast ...) and add > the discovered targets to the Nmap scanning queue. There is even a new > committed script 'target-sniffer.nse' to push sniffed targets into the > Nmap queue. Currently in the nmap-trunk more than 10 scripts will run > during this script scan phase. > > > 1) I think that privileges should be dropped before any scan. Yes. I was not aware of this pre-scanning phase. I thought we were merely parsing the scripts before dropping privileges. > 2) some (perhaps all) Pre-scanning scripts will not work with this patch > since they need some info (network interfaces ...) which are not > available at that time. The pre-scanning phase should not be moved, but > you can move the open_nse() call if you want to initialize NSE before > drop_priv(). > > > I want to contribute to Owl, so let me know if you want me to adjust the > patch, or if you have some other suggestions. It'd be great if you adjust and submit a patch for our review and likely inclusion in Owl. As a possible next step, maybe you could revise the patch such that it would be acceptable upstream (perhaps introduce a configure option)? Thank you! Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.