Nmap Development mailing list archives
Checking non-privileged access to port < 1024
From: William Pursell <bill.pursell () gmail com>
Date: Thu, 29 Apr 2010 06:05:41 -1000
I've recently discovered ncat. A very nice replacement for the venerable nc. Thanks to all who have contributed to make ncat happen. One observation, best shown with a patch: diff --git a/ncat/ncat_main.c b/ncat/ncat_main.c index 2e05bd7..859dfd0 100644 --- a/ncat/ncat_main.c +++ b/ncat/ncat_main.c @@ -716,10 +716,6 @@ static int ncat_listen_mode(void) { if (o.idletimeout != 0) bye("An idle timeout only works in connect mode."); - /* If a non-root user tries to bind to a privileged port, Exit. */ - if (o.portno < 1024 && !ncat_checkuid()) - bye("Attempted a non-root bind() to a port <1024."); - if (o.broker && o.cmdexec != NULL) bye("Invalid option combination: --broker and -e."); It strikes me as inelegant to have the application check whether or not bind will fail. If the user doesn't have access, then let bind fail. If you apply the above patch, then usage changes from: $ ncat -l 345 Ncat: Attempted a non-root bind() to a port <1024. QUITTING. to $ ncat -l 345 bind: Permission denied One could spruce up the error message on the bind failure if desired, but the code simplification seems worthwhile, and is overall more elegant. In particular, it puts the error check where it belongs (in the system, not the app). Afterr all, you wouldn't write code like: if( access( path )) { fprintf( stderr, "can't access %s\n", path ); exit( EXIT_FAILURE ); } fp = fopen( path, mode ); if( fp == NULL ) { perror( path ); exit( EXIT_FAILURE ); } Just a thought. -- William Pursell _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Checking non-privileged access to port < 1024 William Pursell (Apr 29)
- Re: Checking non-privileged access to port < 1024 David Fifield (Apr 29)