|Summary:||security/py-ospd-openvas: Set PATH prior to startup, run daemon as root|
|Product:||Ports & Packages||Reporter:||Eirik Oeverby <ltning-freebsd>|
|Component:||Individual Port(s)||Assignee:||Jose Alonso Cardenas Marquez <acm>|
|Severity:||Affects Only Me||Flags:||bugzilla:
Description Eirik Oeverby 2021-03-28 20:55:50 UTC
Created attachment 223675 [details] Patch for rc.d/ospd_openvas Two items: - ospd-openvas expects to find various binaries in PATH, so this should be set to include /usr/local/(bin|sbin) explicitly. If there's a better way to do this, feel free to substitute. - Scanning is impossible unless run as root. Alternative suggestion: setuid on binary. I *think* it is run using sudo on Linux, but haven't been able to fully make heads&tails of it Attached patch does both.
Comment 1 Jose Alonso Cardenas Marquez 2021-04-16 17:34:42 UTC
did you try scanning with gvm user?
Comment 2 Eirik Oeverby 2021-04-16 17:46:23 UTC
(In reply to Jose Alonso Cardenas Marquez from comment #1) Yes, but you need to be root for nmap and friends to run. It may be possible to overcome this with the correct mix of sysctls, but that would still be a problem when running from within a jail, for instance. Either way, if that is the expected mode of use, it should be documented how to make it work.