Hi Piotr,

Thanks for the feedback. I don't believe this functionality changes the attack surface. Most systems with bash also have nc/netcat or an equivalent program which can do the same thing. Even the nc version in busybox has listen capability. In fact, if you can create a file with arbitrary content and mark it as executable then you have access to the system calls needed to listen on a socket. All existing security permissions still apply (e.g. ports < 1024 requiring elevated privilege, SELinux, etc).

Do you have a specific attack or vector that is enabled or made worse by this addition?

Regards,

Joel Martin (kanaka)

On Wed, Nov 13, 2013 at 1:35 AM, Piotr Grzybowski <narsil...@gmail.com> wrote:
> Hi Everyone, hi Joel,
>
> the idea is nice, and I can really see that it is useful, but I would
> be extremely careful with introducing those kinds of changes; it can be
> easily interpreted as a "backdoor feature", that is: from a security point
> of view it could be a disaster.
>
> cheers,
> pg
>
>
> On Tue, Nov 12, 2013 at 10:02 PM, Joel Martin <git...@martintribe.org> wrote:
> > Currently, an outbound socket connection (client) can be created using the
> > syntax:
> >
> >     exec 5<> /dev/tcp/HOST/PORT
> >
> > This patch implements support for accepting incoming connections (server)
> > using a slightly different syntax:
> >
> >     exec 6<> /dev/tcp/HOST/:PORT   # note the colon
> >
> > The listen/accept call will block until a connection is received and it
> > will be bound to the redirection.
> >
> > Included in the patch is a small test that has an example of usage. I've
> > also attached a minimal web server that leverages this functionality (pure
> > bash except for a call to wc and cat).
> >
> > Please include me in Cc since I am not on the list.
> >
> > Thanks,
> >
> > Joel Martin (kanaka)