Nmap Development mailing list archives
[bug] Zenmap crashes and more bugs related to ~/.nmap/scripts/ directory
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 23 Mar 2012 16:07:46 -0500
List,Ran into a Zenmap crash on my system caused by having a ~/.nmap/scripts/ directory without a scripts.db file in it. This is the trace I got when trying to open the profile editor (latest svn):
File "/usr/local/lib/python2.6/dist-packages/zenmapGUI/ScriptInterface.py", line 277, in script_list_timer_callbackcallback(True, process)File "/usr/local/lib/python2.6/dist-packages/zenmapGUI/ScriptInterface.py", line 286, in initial_script_list_cbif status and self.handle_initial_script_list_output(process):File "/usr/local/lib/python2.6/dist-packages/zenmapGUI/ScriptInterface.py", line 315, in handle_initial_script_list_output for entry in get_script_entries(handler.scripts_dir, handler.nselib_dir): File "/usr/local/lib/python2.6/dist-packages/zenmapCore/ScriptMetadata.py", line 420, in get_script_entriesscriptdb = ScriptDB(os.path.join(scripts_dir, "script.db"))File "/usr/local/lib/python2.6/dist-packages/zenmapCore/ScriptMetadata.py", line 113, in __init__self.f = open(script_db_path, "r")IOError: [Errno 2] No such file or directory: u'/root/.nmap/scripts/script.db'
As an added bonus, clicking the "copy" button gives this traceback:
Traceback (most recent call last):File "/usr/local/lib/python2.6/dist-packages/zenmapGUI/CrashReport.py", line 182, in copyclipboard.set_text(self.get_description()) AttributeError: 'CrashReport' object has no attribute 'get_description'
The bug got me thinking about how Nmap handles the script database, and the use of the cnse.fetchfile_absolute function. As a test, I ran `sudo nmap --script-update` and sure enough, it created /root/.nmap/scripts/script.db, which only contained one testing script. Running `sudo nmap --script-help all` after this only shows that one script, which is not correct. Here are some thoughts on ways ahead:
1. Enable multiple script databases, one for each scripts directory location. Could be useful, and would let users add their own scripts to their own database and call them by category, not requiring root access to updatedb. Could also be difficult and nightmarish to implement, haven't looked at the source. Also would have to handle the case of root having its own home-dir-version vs the systemwide one. 2. Only look in the installation directory for the scripts.db file. Less flexible, and may be more difficult than the current cnse.fetchfile_absolute method we use currently. 3. Look for an existing script.db file first before creating a new one. Keeps --script-updatedb as a root-only function.I'd like to hear others' ideas on this. I think it may be tangentially related to the issue I brought up before about using the process's EUID instead of the $HOME environment variable to find the personal nmap directory (http://seclists.org/nmap-dev/2012/q1/108).
Dan _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [bug] Zenmap crashes and more bugs related to ~/.nmap/scripts/ directory Daniel Miller (Mar 23)