Re: [PATCH] bash: add socket server support

[Joel Martin]

Hi Piotr,

Thanks for the feedback. I don't believe this functionality changes the
attack surface. Most systems with bash also have nc/netcat or an equivalent
program which can do the same thing. Even the nc version in busybox has
listen capability. In fact, if you can create a file with arbitrary content
and mark it as executable then you have access to the system calls needed
to listen on a socket. All existing security permissions still apply (e.g.
ports < 1024 requiring elevated privilege, SELinux, etc).

Do you have a specific attack or vector that is enabled or made worse by
this addition?

Regards,

Joel Martin (kanaka)


On Wed, Nov 13, 2013 at 1:35 AM, Piotr Grzybowski <narsil.pl@gmail.com>wrote:

> Hi Everyone, hi Joel,
>
>  the idea is nice, and I can really see that it is useful, but I would
> be extremely careful with introducing those kind of changes, it can be
> easily interpreted as "backdoor feature", that is: from security point
> of view it could be a disaster.
>
> cheers,
> pg
>
>
>
> On Tue, Nov 12, 2013 at 10:02 PM, Joel Martin <github@martintribe.org>
> wrote:
> > Currently, an outbound socket connection (client) can be created using
> the
> > syntax:
> >
> > exec 5<> /dev/tcp/HOST/PORT
> >
> > This patch implements support for accepting incoming connections (server)
> > using a slightly different syntax:
> >
> > exec 6<> /dev/tcp/HOST/:PORT   # note the colon
> >
> > The listen/accept call will block until a connection is received and it
> > will be bound to the redirection.
> >
> > Included in the patch is a small test that has an example of usage. I've
> > also attach a minimal web server that leverages this functionality (pure
> > bash except for a call to wc and cat).
> >
> > Please include me in Cc since I am not on the list.
> >
> > Thanks,
> >
> > Joel Martin (kanaka)
>