/dev/tcp support in bash shell
Erik Falor
ewfalor@gmail.com
Sun Apr 14 05:35:00 GMT 2013
On Fri, Apr 12, 2013 at 09:12:01PM -0400, Larry Hall (Cygwin) wrote:
> On 4/12/2013 7:49 PM, Andrey Repin wrote:
> >Greetings, Cary Lewis!
> >
> >>Are there any plans to add /dev/tcp/... support in Cygwin?
> >
> >Any use cases for that?
>
> Here's one:
>
> <http://www.linuxjournal.com/content/more-using-bashs-built-devtcp-file-tcpip>
>
> Bye, bye Chrome. ;-)
I have really mixed feelings about this feature of Bash. It can be a
real lifesaver on systems where tools like wget, curl or even netcat
are missing. On the other hand, it could be a big security risk:
http://www.gnucitizen.org/blog/reverse-shell-with-bash/
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
Despite the ease of allowing a reverse shell or some other exploit to
occur, I think there are far more powerful and exploitable holes in a
system than Bash. But maybe I'm just not paranoid enough...
--
Erik Falor http://unnovative.net
Registered Linux User #445632 http://linuxcounter.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://cygwin.com/pipermail/cygwin/attachments/20130414/63ea4ee7/attachment.sig>
More information about the Cygwin
mailing list