From Jan-Oliver.Wagner at greenbone.net Tue Dec 15 14:41:27 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Tue, 15 Dec 2009 14:41:27 +0100
Subject: [Openvas-plugins] bad usage of islocalhost()
Message-ID: <200912151441.29397.Jan-Oliver.Wagner@greenbone.net>

Hello,

we discovered that in version_func.inc the use of
islocalhost() should be eliminated for the following reason:
1. system commands are executed on scanner host although no
   credentials are provided.
2. system commands are executed with the same privileges
   as the scanner (typically root).

I've grepped for islocalhost and found 50 occurrences.
I did not look into them any deeper but I could imagine that
there are some misuses as well.

Anyone knows a reason why not to remove the islocalhost
sections from version_func.inc? (It is there since a long time)

What are the reasons we need a special handling for localhost at all?

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

From bchandra at secpod.com Tue Dec 15 15:07:45 2009
From: bchandra at secpod.com (Chandrashekhar B)
Date: Tue, 15 Dec 2009 19:37:45 +0530
Subject: [Openvas-plugins] bad usage of islocalhost()
In-Reply-To: <200912151441.29397.Jan-Oliver.Wagner@greenbone.net>
References: <200912151441.29397.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <75CD1C1651FE40AA962EBB393BB8409E@bchandra>

Hello,

> -----Original Message-----
> From: openvas-plugins-bounces at wald.intevation.org
> [mailto:openvas-plugins-bounces at wald.intevation.org] On
> Behalf Of Jan-Oliver Wagner
> Sent: Tuesday, December 15, 2009 7:11 PM
> To: openvas-plugins at wald.intevation.org
> Subject: [Openvas-plugins] bad usage of islocalhost()
>
> Hello,
>
> we discovered that in version_func.inc the use of
> islocalhost() should be eliminated for the following reason:
> 1. system commands are executed on scanner host although no
> credentials are provided.
> 2. system commands are executed with the same privileges
> as the scanner (typically root).
>

I agree with you, we should remove the usage of islocalhost() only in
version_func.inc and some of the plugins that are using version_func.inc

> I've grepped for islocalhost and found 50 occurrences.
> I did not look into them any deeper but I could imagine that
> there are some misuses as well.
>
> Anyone knows a reason why not to remove the islocalhost
> sections from version_func.inc? (It is there since a long time)

islocalhost() is added for performance reasons, if it is a localhost, we
need not setup an ssh session.

>
> What are the reasons we need a special handling for localhost at all?

All other cases are in plugins that do packet capturing and crafting which
is required.

Thanks,
Chandra.

From Jan-Oliver.Wagner at greenbone.net Wed Dec 16 14:56:39 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Wed, 16 Dec 2009 14:56:39 +0100
Subject: [Openvas-plugins] bad usage of islocalhost()
In-Reply-To: <75CD1C1651FE40AA962EBB393BB8409E@bchandra>
References: <200912151441.29397.Jan-Oliver.Wagner@greenbone.net> <75CD1C1651FE40AA962EBB393BB8409E@bchandra>
Message-ID: <200912161456.40965.Jan-Oliver.Wagner@greenbone.net>

On Tuesday, 15 December 2009, Chandrashekhar B wrote:
> > we discovered that in version_func.inc the use of
> > islocalhost() should be eliminated for the following reason:
> > 1. system commands are executed on scanner host although no
> > credentials are provided.
> > 2. system commands are executed with the same privileges
> > as the scanner (typically root).
> >
>
> I agree with you, we should remove the usage of islocalhost() only in
> version_func.inc and some of the plugins that are using version_func.inc

OK.

> > I've grepped for islocalhost and found 50 occurrences.
> > I did not look into them any deeper but I could imagine that
> > there are some misuses as well.
> >
> > Anyone knows a reason why not to remove the islocalhost
> > sections from version_func.inc? (It is there since a long time)
>
> islocalhost() is added for performance reasons, if it is a localhost, we
> need not setup an ssh session.

I think the performance gain does not justify to start process
with the same user id as openvasd.
With ssh sessions we also control the privileges under which the tools
are executed.

We will remove the islocalhost() conditionals from version_func.inc now.

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

From Jan-Oliver.Wagner at greenbone.net Thu Dec 17 12:48:50 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Thu, 17 Dec 2009 12:48:50 +0100
Subject: [Openvas-plugins] Storing registry information into KB
Message-ID: <200912171248.55048.Jan-Oliver.Wagner@greenbone.net>

Hi,

currently, functions like registry_get_sz() (in smb_nt.inc)
just return the value they retrieved from the SMB query.

In various cases it would be nice to have the value
also stored in the KB:
- to allow dry runs with prepared KBs
- to prevent re-connecting to target (only once per query)

Attached is a patch Felix prepared to demonstrate how
it would work. I am not sure about binary objects - do such
occur and can they cause trouble to the KB?

Please let me know any concerns against such a change.
Also, there are a number of other places where we can
apply a similar approach.

Best

Jan

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

From Jan-Oliver.Wagner at greenbone.net Thu Dec 17 14:33:52 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Thu, 17 Dec 2009 14:33:52 +0100
Subject: [Openvas-plugins] Storing registry information into KB
In-Reply-To: <200912171248.55048.Jan-Oliver.Wagner@greenbone.net>
References: <200912171248.55048.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <200912171433.54069.Jan-Oliver.Wagner@greenbone.net>

On Thursday, 17 December 2009, Jan-Oliver Wagner wrote:
> Attached is a patch Felix prepared to demonstrate how
> it would work. I am not sure about binary objects - do such
> occur and can they cause trouble to the KB?

_now_ it is attached. Sorry.

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb_nt_inc-REGISTRY-GET-SZ-PROXY.patch
Type: text/x-diff
Size: 0 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20091217/d6643848/smb_nt_inc-REGISTRY-GET-SZ-PROXY.bin

From michael.meyer at intevation.de Thu Dec 17 14:36:27 2009
From: michael.meyer at intevation.de (Michael Meyer)
Date: Thu, 17 Dec 2009 14:36:27 +0100
Subject: [Openvas-plugins] Storing registry information into KB
In-Reply-To: <200912171433.54069.Jan-Oliver.Wagner@greenbone.net>
References: <200912171248.55048.Jan-Oliver.Wagner@greenbone.net> <200912171433.54069.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <20091217133627.GA31388@komma-nix.de>

*** Jan-Oliver Wagner wrote:
> On Thursday, 17 December 2009, Jan-Oliver Wagner wrote:
> > Attached is a patch Felix prepared to demonstrate how
> > it would work. I am not sure about binary objects - do such
> > occur and can they cause trouble to the KB?
>
> _now_ it is attached. Sorry.

smb_nt_inc-REGISTRY-GET-SZ-PROXY.patch [text/x-diff, 7bit, iso 8859-1, 0K]

Size: 0 bytes.

It's a *very* small patch. ;)

Micha

--
Michael Meyer OpenPGP Key: 76E050B9
http://www.intevation.de
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück; AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bchandra at secpod.com Thu Dec 17 14:45:35 2009
From: bchandra at secpod.com (Chandrashekhar B)
Date: Thu, 17 Dec 2009 19:15:35 +0530
Subject: [Openvas-plugins] Storing registry information into KB
In-Reply-To: <200912171433.54069.Jan-Oliver.Wagner@greenbone.net>
References: <200912171248.55048.Jan-Oliver.Wagner@greenbone.net> <200912171433.54069.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <160977A10E044A848DF3F9459A1288F5@bchandra>

I don't see anything in the patch...

Chandra.

> -----Original Message-----
> From: openvas-plugins-bounces at wald.intevation.org
> [mailto:openvas-plugins-bounces at wald.intevation.org] On
> Behalf Of Jan-Oliver Wagner
> Sent: Thursday, December 17, 2009 7:04 PM
> To: openvas-plugins at wald.intevation.org
> Subject: Re: [Openvas-plugins] Storing registry information into KB
>
> On Thursday, 17 December 2009, Jan-Oliver Wagner wrote:
> > Attached is a patch Felix prepared to demonstrate how it
> would work. I
> > am not sure about binary objects - do such occur and can they cause
> > trouble to the KB?
>
> _now_ it is attached. Sorry.
>
> --
> Dr. Jan-Oliver Wagner | ++49-541-335084-0 |
> http://www.greenbone.net/ Greenbone Networks GmbH, Neuer
> Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
>

From Jan-Oliver.Wagner at greenbone.net Thu Dec 17 14:58:05 2009
From: Jan-Oliver.Wagner at greenbone.net (Jan-Oliver Wagner)
Date: Thu, 17 Dec 2009 14:58:05 +0100
Subject: [Openvas-plugins] Storing registry information into KB
In-Reply-To: <200912171433.54069.Jan-Oliver.Wagner@greenbone.net>
References: <200912171248.55048.Jan-Oliver.Wagner@greenbone.net> <200912171433.54069.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <200912171458.07512.Jan-Oliver.Wagner@greenbone.net>

On Thursday, 17 December 2009, Jan-Oliver Wagner wrote:
> On Thursday, 17 December 2009, Jan-Oliver Wagner wrote:
> > Attached is a patch Felix prepared to demonstrate how
> > it would work. I am not sure about binary objects - do such
> > occur and can they cause trouble to the KB?
>
> _now_ it is attached. Sorry.

not sure why it was empty. I now double-verified it is in the email I send.

--
Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb_nt_inc-REGISTRY-GET-SZ-PROXY.patch
Type: text/x-diff
Size: 1508 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/openvas-plugins/attachments/20091217/64fe4069/smb_nt_inc-REGISTRY-GET-SZ-PROXY.bin

From bchandra at secpod.com Fri Dec 18 07:11:31 2009
From: bchandra at secpod.com (Chandrashekhar B)
Date: Fri, 18 Dec 2009 11:41:31 +0530
Subject: [Openvas-plugins] Storing registry information into KB
In-Reply-To: <200912171458.07512.Jan-Oliver.Wagner@greenbone.net>
References: <200912171248.55048.Jan-Oliver.Wagner@greenbone.net><200912171433.54069.Jan-Oliver.Wagner@greenbone.net> <200912171458.07512.Jan-Oliver.Wagner@greenbone.net>
Message-ID: <91C7C888DD5040E389DF6655A1C85491@bchandra>

The KB item key name conflicts with the ones already used in
secpod_reg_enum.nasl and secpod_red.inc, you can change it to something
else.

The idea is good, think we should do these changes for all such similar
functions. But the only concern would be as the size grows, need to check
the performance impact.

Thanks,
Chandra.

> -----Original Message-----
> From: openvas-plugins-bounces at wald.intevation.org
> [mailto:openvas-plugins-bounces at wald.intevation.org] On
> Behalf Of Jan-Oliver Wagner
> Sent: Thursday, December 17, 2009 7:28 PM
> To: openvas-plugins at wald.intevation.org
> Subject: Re: [Openvas-plugins] Storing registry information into KB
>
> On Thursday, 17 December 2009, Jan-Oliver Wagner wrote:
> > On Thursday, 17 December 2009, Jan-Oliver Wagner wrote:
> > > Attached is a patch Felix prepared to demonstrate how it
> would work.
> > > I am not sure about binary objects - do such occur and can they
> > > cause trouble to the KB?
> >
> > _now_ it is attached. Sorry.
>
> not sure why it was empty. I now double-verified it is in the
> email I send.
>
> --
> Dr. Jan-Oliver Wagner | ++49-541-335084-0 |
> http://www.greenbone.net/ Greenbone Networks GmbH, Neuer
> Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
> Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
>

From felix.wolfsteller at intevation.de Fri Dec 18 13:34:46 2009
From: felix.wolfsteller at intevation.de (Felix Wolfsteller)
Date: Fri, 18 Dec 2009 13:34:46 +0100
Subject: [Openvas-plugins] Storing registry information into KB
In-Reply-To: <91C7C888DD5040E389DF6655A1C85491@bchandra>
References: <200912171248.55048.Jan-Oliver.Wagner@greenbone.net> <200912171458.07512.Jan-Oliver.Wagner@greenbone.net> <91C7C888DD5040E389DF6655A1C85491@bchandra>
Message-ID: <200912181334.46385.felix.wolfsteller@intevation.de>

On Friday 18 December 2009 07:11:31 Chandrashekhar B wrote:
> The KB item key name conflicts with the ones already used in
> secpod_reg_enum.nasl and secpod_red.inc, you can change it to something
> else.
Ok, any suggestions?
/SMB/REG_GET_SZ/ ?

-- felix

--
Felix Wolfsteller | ++49 541 335083-783 | http://www.intevation.de/
PGP Key: 39DE0100
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

From bchandra at secpod.com Fri Dec 18 14:22:46 2009
From: bchandra at secpod.com (Chandrashekhar B)
Date: Fri, 18 Dec 2009 18:52:46 +0530
Subject: [Openvas-plugins] Storing registry information into KB
In-Reply-To: <200912181334.46385.felix.wolfsteller@intevation.de>
References: <200912171248.55048.Jan-Oliver.Wagner@greenbone.net><200912171458.07512.Jan-Oliver.Wagner@greenbone.net><91C7C888DD5040E389DF6655A1C85491@bchandra> <200912181334.46385.felix.wolfsteller@intevation.de>
Message-ID: <8DF63DF2F6414192BACBB96C2ABCC2C6@bchandra>

> -----Original Message-----
> From: openvas-plugins-bounces at wald.intevation.org
> [mailto:openvas-plugins-bounces at wald.intevation.org] On
> Behalf Of Felix Wolfsteller
> Sent: Friday, December 18, 2009 6:05 PM
> To: openvas-plugins at wald.intevation.org
> Subject: Re: [Openvas-plugins] Storing registry information into KB
>
> On Friday 18 December 2009 07:11:31 Chandrashekhar B wrote:
> > The KB item key name conflicts with the ones already used in
> > secpod_reg_enum.nasl and secpod_red.inc, you can change it to
> > something else.
> Ok, any suggestions?
> /SMB/REG_GET_SZ/ ?

Should be fine.

Chandra.
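
Added example, not part of the thread and not Felix's patch (which the archive does not show): a Python model of the read-through caching proposed for registry_get_sz(), using the /SMB/REG_GET_SZ/ prefix agreed above. The dict-based KB, the `query` callback, the "s:"/"x:" encoding for binary values and the sample registry data are assumptions made for illustration.

```python
from typing import Callable, Dict, Optional, Union

KB_PREFIX = "/SMB/REG_GET_SZ/"  # key namespace suggested in the thread
Query = Callable[[str, str], Optional[bytes]]  # hypothetical SMB registry read

class RegistryKBProxy:
    """Answer registry reads from the KB; query the target at most once per value."""

    def __init__(self, kb: Dict[str, str], query: Optional[Query] = None):
        self.kb = kb            # stand-in for the per-host knowledge base
        self.query = query      # None models a dry run against a prepared KB
        self.remote_calls = 0   # how often the target was actually contacted

    @staticmethod
    def kb_name(key: str, item: str) -> str:
        # Registry paths are case-insensitive: normalise so one value maps to one entry.
        path = key.strip("\\").replace("\\", "/").lower()
        return f"{KB_PREFIX}{path}/{item.lower()}"

    @staticmethod
    def encode(raw: bytes) -> str:
        # Keep KB values plain text: printable strings as-is, anything else as hex.
        try:
            text = raw.decode("utf-8")
            if text.isprintable():
                return "s:" + text
        except UnicodeDecodeError:
            pass
        return "x:" + raw.hex()

    @staticmethod
    def decode(stored: str) -> Union[str, bytes]:
        return stored[2:] if stored.startswith("s:") else bytes.fromhex(stored[2:])

    def get_sz(self, key: str, item: str) -> Union[str, bytes, None]:
        name = self.kb_name(key, item)
        if name not in self.kb:
            if self.query is None:
                return None              # dry run: never connect to the target
            self.remote_calls += 1
            raw = self.query(key, item)
            if raw is None:
                return None              # a missing value is not cached in this model
            self.kb[name] = self.encode(raw)
        return self.decode(self.kb[name])

# Constructed sample data standing in for a target's registry.
SAMPLE = {("SOFTWARE\\Example", "Version"): b"1.2.3",
          ("SOFTWARE\\Example", "Blob"): b"\x00\x01\xff"}
```

Passing `query=None` with a pre-filled dict models the dry-run case; a separate prefix per wrapped function keeps the entries from colliding with keys other plugins already write.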