Nmap Development mailing list archives

Checking non-privileged access to port < 1024


From: William Pursell <bill.pursell () gmail com>
Date: Thu, 29 Apr 2010 06:05:41 -1000


I've recently discovered ncat.  A very nice replacement
for the venerable nc.  Thanks to all who have
contributed to make ncat happen.

One observation, best shown with a patch:

diff --git a/ncat/ncat_main.c b/ncat/ncat_main.c
index 2e05bd7..859dfd0 100644
--- a/ncat/ncat_main.c
+++ b/ncat/ncat_main.c
@@ -716,10 +716,6 @@ static int ncat_listen_mode(void) {
     if (o.idletimeout != 0)
         bye("An idle timeout only works in connect mode.");

-    /* If a non-root user tries to bind to a privileged port, Exit. */
-    if (o.portno < 1024 && !ncat_checkuid())
-        bye("Attempted a non-root bind() to a port <1024.");
-
     if (o.broker && o.cmdexec != NULL)
         bye("Invalid option combination: --broker and -e.");
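Review bot: With the "o.portno < 1024 && !ncat_checkuid()" test removed from ncat_listen_mode(), the only diagnostic left for this case is whatever the bind() call site prints, so that site should name the port that was requested and still exit non-zero, for example by printing the port number together with strerror(errno). It is also worth checking whether ncat_checkuid() has any caller left after this hunk; if it does not, remove it in the same patch rather than leaving dead code behind.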



It strikes me as inelegant to have the application check
whether or not bind will fail.  If the user doesn't
have access, then let bind fail.  If you apply the
above patch, then usage changes from:

$ ncat -l 345
Ncat: Attempted a non-root bind() to a port <1024. QUITTING.

to

$ ncat -l 345
bind: Permission denied

One could spruce up the error message on the bind failure
if desired, but the code simplification seems worthwhile,
and is overall more elegant.  In particular, it puts the
error check where it belongs (in the system, not the app).
After all, you wouldn't write code like:

if( access( path, R_OK )) {
    fprintf( stderr, "can't access %s\n", path );
    exit( EXIT_FAILURE );
}
fp = fopen( path, mode );
if( fp == NULL ) {
    perror( path );
    exit( EXIT_FAILURE );
}


Just a thought.


-- 
William Pursell
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

