This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: /dev/tcp support in bash shell

From: Erik Falor <ewfalor at gmail dot com>
To: cygwin at cygwin dot com
Date: Fri, 12 Apr 2013 21:40:53 -0600
Subject: Re: /dev/tcp support in bash shell
References: <CAEF1h+XeFoXmOm3EcNAWbGZ3GBDK0A0_=w8zZpC=PL9=awvqfw at mail dot gmail dot com> <1132116354 dot 20130413034910 at mtu-net dot ru> <5168B0E1 dot 3050808 at cygwin dot com>

On Fri, Apr 12, 2013 at 09:12:01PM -0400, Larry Hall (Cygwin) wrote:
> On 4/12/2013 7:49 PM, Andrey Repin wrote:
> >Greetings, Cary Lewis!
> >
> >>Are there any plans to add /dev/tcp/... support in Cygwin?
> >
> >Any use cases for that?
> 
> Here's one:
> 
> <http://www.linuxjournal.com/content/more-using-bashs-built-devtcp-file-tcpip>
> 
> Bye, bye Chrome. ;-)

I have really mixed feelings about this feature of Bash.  It can be a
real lifesaver on systems where tools like wget, curl or even netcat
are missing.  On the other hand, it could be a big security risk:

http://www.gnucitizen.org/blog/reverse-shell-with-bash/

http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

Despite the ease of allowing a reverse shell or some other exploit to
occur, I think there are far more powerful and exploitable holes in a
system than Bash.  But maybe I'm just not paranoid enough...

-- 
Erik Falor                                       http://unnovative.net
Registered Linux User #445632                  http://linuxcounter.net

Attachment: signature.asc
Description: Digital signature

References:
- /dev/tcp support in bash shell
  - From: Cary Lewis
- Re: /dev/tcp support in bash shell
  - From: Andrey Repin
- Re: /dev/tcp support in bash shell
  - From: Larry Hall (Cygwin)

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]