Re: [Openvas-discuss] [Openvas-devel] Change Requests: Formalized procedure for feature changes?

2008-02-19 Thread Jan-Oliver Wagner
On Sunday, 17 February 2008 01:11:05, Tim Brown wrote:
> The work flow should be as follows, IMO:
>
> Initial request via tracker or mailing list - Request is discussed in
> tracker and debated on list with any substantial points imported into
> tracker - Consensus reached, developer documented change request uploaded
> to http://www.openvas.org/ - Work done to implement change, with updates
> to tracker and lists as appropriate

sounds good.

> I would also suggest that the change requests link back to the relevant
> tracker entry.

this is a very good idea. Also links to mailing list discussions. I've added
this to the CRs now.

Best

Jan

___
Openvas-devel mailing list
[EMAIL PROTECTED]
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss


Re: [Openvas-discuss] [Openvas-devel] Compile warnings

2008-02-19 Thread Jan-Oliver Wagner
Hi Laban,

On Saturday, 16 February 2008 17:20:59, Lmwangi wrote:
> Started hunting for warnings to fix based on their severity,
> flawfinder -S -m 5 gives me a TOCTTOU alert for chmod'ing of the sockets:
> openvas-libraries/libopenvas/bpf_share.c:368
> ./openvas-libnasl/nasl/nasl_server.c:92
> Done a bit of research and it seems like fchmod on sockets ends up in
> undefined behaviour..
> http://www.opengroup.org/onlinepubs/009695399/functions/fchmod.html
>
> http://72.14.205.104/search?q=cache:eIrjutZ5XAgJ:www.cs.helsinki.fi/linux/linux-kernel/Year-1999/1999-03/0942.html+Under+Linux+2.1.130,+fchmod+andhl=enct=clnkcd=1
> http://linux.derkeiler.com/Mailing-Lists/Kernel/2004-11/0188.html
> Confirmed this with a small program that attempts to fchmod a socket
> descriptor.. Nothing works..
> Should we disregard the warning from flawfinder? Any ideas for a
> workaround?

I've tried to understand the problem and potential solutions but failed.
I guess this needs more investigation or a more clever mind ;-)

So, perhaps best to postpone this issue and first resolve the others.
Maybe some bright idea comes to one of us.

Best

Jan



Re: [Openvas-discuss] [Openvas-devel] Compile warnings

2008-02-19 Thread Bernhard Herzog
Hi,

On Monday 18 February 2008 22:10, Jan-Oliver Wagner wrote:
> On Saturday, 16 February 2008 17:20:59, Lmwangi wrote:
> > Started hunting for warnings to fix based on their severity,
> > flawfinder -S -m 5 gives me a TOCTTOU alert for chmod'ing of the
> > sockets: openvas-libraries/libopenvas/bpf_share.c:368
[...]
> I've tried to understand the problem and potential solutions but failed.
> I guess this needs more investigation or a more clever mind ;-)

The easiest way to deal with the chmod call in libopenvas/bpf_share.c seems to
be to remove the whole bpf sharing feature.  It's off by default anyway and
according to README.BPF it's highly experimental:

 [...] you can try to run the configure
 script with the option --enable-bpf-sharing. In this case, nessusd will
 try to share one /dev/bpf among multiple processes and do the filtering
 in userland. NOTE THAT THIS OPTION IS HIGHLY EXPERIMENTAL AND WE DO 
 NOT RECOMMAND ENABLING IT.

Does anybody use it with OpenVAS?


  Bernhard

-- 
Bernhard Herzog  Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner




[Openvas-discuss] [Openvas-devel] Voting on Change Requests #1 - #4

2008-02-19 Thread Jan-Oliver Wagner
Hi,

I'd like to call for voting on the change requests #1 - #4,
listed here:
  http://www.openvas.org/openvas-crs.html

Naturally, I am in favour of all 4 of them :-)
However, please read and judge whether it is a good
or bad idea or whether it needs further refinement.

I am not totally sure about the proper voting scheme.
Tim, Robert: Does SPI require something special or
do we just decide upon a simple voting?

Best

Jan


Re: [Openvas-discuss] [Openvas-devel] Voting on Change Requests #1 - #4

2008-02-19 Thread Tim Brown
On Wednesday 20 February 2008 00:08:24 Jan-Oliver Wagner wrote:
> Hi,
>
> I'd like to call for voting on the change requests #1 - #4,
> listed here:
>   http://www.openvas.org/openvas-crs.html
>
> Naturally, I am in favour of all 4 of them :-)
> However, please read and judge whether it is a good
> or bad idea or whether it needs further refinement.
>
> I am not totally sure about the proper voting scheme.
> Tim, Robert: Does SPI require something special or
> do we just decide upon a simple voting?

The full details as we expressed them in the constitution can be found at
http://seedsforchange.org.uk/free/consens, but it essentially comes down to a
show of negative hands.  If no one raises strong objections against an idea
then we can proceed.  One thing that isn't defined is the period in which
people need to respond in order for an objection to be considered.  In the
past I've seen people work on the 24 hour rule, but since we're spread across
multiple continents and time zones, I'd propose a longer period.  OTOH we
can't have an indefinite period of time.  How about 48 hours with a
gentlemen's agreement not to start a call for voting over weekends?

Tim
-- 
Tim Brown
mailto:[EMAIL PROTECTED]
http://www.nth-dimension.org.uk/


Re: [Openvas-discuss] [Openvas-devel] Voting on Change Requests #1 - #4

2008-02-19 Thread Robert Berkowitz
On Feb 19, 2008 7:35 PM, Tim Brown [EMAIL PROTECTED] wrote:
> On Wednesday 20 February 2008 00:08:24 Jan-Oliver Wagner wrote:
> > Hi,
> >
> > I'd like to call for voting on the change requests #1 - #4,
> > listed here:
> >   http://www.openvas.org/openvas-crs.html
> >
> > Naturally, I am in favour of all 4 of them :-)
> > However, please read and judge whether it is a good
> > or bad idea or whether it needs further refinement.
> >
> > I am not totally sure about the proper voting scheme.
> > Tim, Robert: Does SPI require something special or
> > do we just decide upon a simple voting?
>
> The full details as we expressed them in the constitution can be found at
> http://seedsforchange.org.uk/free/consens, but it essentially comes down to a
> show of negative hands.  If no one raises strong objections against an idea
> then we can proceed.  One thing that isn't defined is the period in which
> people need to respond in order for an objection to be considered.  In the
> past I've seen people work on the 24 hour rule, but since we're spread across
> multiple continents and time zones, I'd propose a longer period.  OTOH we
> can't have an indefinite period of time.  How about 48 hours with a
> gentlemen's agreement not to start a call for voting over weekends?


48 Hours sounds good to me. We should be able to make exceptions to
the rule if someone has given advance notice of not being available
for a certain time period as well.

-RB

-- 
Robert Berkowitz
919.244.5704
[EMAIL PROTECTED]