On Mon, Apr 29, 2013 at 6:37 AM, Johannes Weberhofer <jweberho...@weberhofer.at> wrote: > Andres, > > thank you for your notes. Unfortunately I'm my python programming is very > basic, so I think I can't help with many pull-requests...
This [0] should help with the tcpdump warning, please test and confirm it worked. [0]https://github.com/andresriancho/w3af/commit/b94fdc0021d3c39b83e3a9990210d40a86a13d27 Please browse through the w3af-packages repository and try to identify if there is a fix for the permissions issue there. Also, I'm wondering about pyc files... what happens when a regular user runs w3af and it is installed in a directory where he can't store the pyc files? If those files aren't stored, python will have to compile the py files to pyc files (in a tmp dir?) each time the application is run, which is slow... maybe other RPM packages offer a solution to this? I know that setup.py compiles py to pyc when you install a module in site-packages. This is an interesting question to solve :) > > Am 28.04.2013 21:48, Andres Riancho wrote: >> >> Johannes, >> >> On Sun, Apr 28, 2013 at 8:33 AM, <jweberho...@weberhofer.at> wrote: >>> >>> Dear all! >>> >>> After some pause, I'm working on RPM packages of the current master >>> branch, which looks very promising. Still I have two issues: >> >> >> That sounds great, totally recommend building from it. >> >>> 1) On startup, I always see the warning "WARNING: Failed to execute >>> tcpdump. Check it is installed and in the PATH"; that doesn't stop the >>> execution, but it should be possibly rewritten to something like that: >>> "INFO: tcpdump is not installed or you don't have enough permission to >>> run. Try to run as root in case you need tcpdump's features". >> >> >> This comes from scapy, which uses some annoying logging for those errors: >> >> $ wget http://hg.secdev.org/scapy/archive/tip.zip >> $ unzip tip.zip >> $ cd scapy-d02d7e7b0989/ >> $ find . -name '*.py' | xargs grep 'Failed to execute' >> ./scapy/arch/linux.py: log_loading.warning("Failed to execute >> tcpdump. Check it is installed and in the PATH") >> ./scapy/arch/linux.py: log_interactive.warning("Failed to >> execute tcpdump: (%s)") >> >> I think the problem can be solved by disabling the warnings before >> loading scapy in dependency_check.py and then re-enabling warnings. >> Please see http://docs.python.org/2/library/warnings.html , >> pull-requests are welcome :) >> >>> 2) The second problem causes a regular user to not be able to run w3af >>> in case he does not own the installation directory. The only appearing >>> message is: "Error while reading plugin options: "Invalid file option >>> value "output-w3af.csv", the user doesn't have enough permissions to >>> write to the specified directory." >>> >>> Strace shows the following lines: >>> >>> ------------- >>> open("/usr/share/w3af/plugins/output/itertools.pyc", O_RDONLY) = -1 >>> ENOENT (No such file or directory) >>> close(3) = 0 >>> getcwd("/usr/share/w3af", 1024) = 16 >>> stat("/usr/share/w3af", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 >>> access("/usr/share/w3af", W_OK) = -1 EACCES (Permission denied) >>> futex(0x7f11480012e0, FUTEX_WAKE_PRIVATE, 1) = 1 >>> ------------- >>> >>> In case the user is the owner of /usr/share/s3af, the strace continues >>> with: >>> ------------- >>> open("/usr/share/w3af/plugins/bruteforce/itertools.pyc", O_RDONLY) = -1 >>> ENOENT (No such file or directo >>> ry) >>> close(3) = 0 >>> getcwd("/usr/share/w3af", 1024) = 16 >>> stat("/usr/share/w3af/core/controllers/bruteforce", >>> {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 >>> access("/usr/share/w3af/core/controllers/bruteforce", R_OK) = 0 >>> ------------- >>> >>> I hope, that can help you improve w3af, so that it can pacakged for >>> installation on opensuse and fedora... >> >> >> Hmmm, that's something I wasn't expecting actually... have you checked >> in the packages repository [0] to see if some other packager solved >> this issue without modifying w3af? If nobody did this with a "cd" to >> the current directory or something similar, let me know and I'll think >> about a solution. > > > Thank you for showing up this repository, I will try to contribute something > later on; packages for other distributions are available for stable releases > only, the 2nd problem is new to the master-branch in the git repository. > > > >> >> [0] https://github.com/andresriancho/w3af-packages > > > Best regards, > Johannes > > -- > Johannes Weberhofer > Weberhofer GmbH, Austria, Vienna -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
