Nmap Development mailing list archives
Re: ncat - UNIX-domain sockets support
From: Tomas Hozza <thozza () redhat com>
Date: Wed, 21 Nov 2012 03:18:52 -0500 (EST)
Hi David.

I basically reverted your commit which removed the automatic generation of name for temporary source socket, test from ncat-test.pl and changed documentation (ncat.xml).

----- Original Message -----
> I agree now that Ncat should do something compatible. Would you produce a new patch (you can base it on your old patch) adding support for this automatic creation? The only thing is that we shouldn't use a hardcoded "/tmp". This page has a code example that reads the TMPDIR and TMP environment variables in addition to using mkstemp:
I used the tempnam() function, which uses TMPDIR and TMP, so "/tmp" is not hardcoded. It was done so also in the last bunch of patches.
> http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/avoid-race.html#TEMPORARY-FILES
There is an example of how to use the tempnam function to be more safe, but unfortunately this cannot be used in this case. The problem is that after the temporary name is generated, we are not opening/creating any file/socket. It is done later when calling bind() on the source socket FD together with the temporary name (so the socket binds to the path/name).
>>> There is code in ncat_connect to delete the source socket, but 1) it deletes the file even if not automatically generated; i.e., if the user used --source, and
>> Actually it doesn't matter if it was generated or specified by user. It had to be created by Ncat when it was connecting and should be removed, because it is just temporary and only for the client to be able to receive messages.
> This seems weird to me. If I make my own socket in the filesystem and tell Ncat to use it, I don't expect it to be deleted. But that's what netcat-openbsd does, and I think we should be compatible in this case.
Things are a little bit different here. The user does not create any socket in the filesystem and then tell Ncat to use it. The user just tells Ncat to create the socket (when calling bind() - as already stated) with the name/path he specified. So Ncat ALWAYS creates the source socket; the user just has the opportunity to specify the path instead of letting Ncat automatically generate it. Hope this explains it.

Regards,
Tomas Hozza
Attachment:
0001-Bring-back-autogeneration-of-src-DGRAM-socket-name.patch
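
The point made in the message, that the socket file only comes into existence at bind(), can be used to close the gap left by generating a name first. The sketch below is an added example, not code from the attached patch or from Ncat; the function names and the `example-` file prefix are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper, not Ncat's code. bind() itself creates the socket
   file and fails with EADDRINUSE if the path already exists, so a name
   someone else created first is skipped instead of being reused. */
int bind_temp_dgram(struct sockaddr_un *sa)
{
    const char *dir = getenv("TMPDIR");
    int fd, attempt, n;

    if (dir == NULL || *dir == '\0')
        dir = getenv("TMP");
    if (dir == NULL || *dir == '\0')
        dir = "/tmp";                 /* last resort only */
    if ((fd = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0)
        return -1;
    for (attempt = 0; attempt < 100; attempt++) {
        memset(sa, 0, sizeof(*sa));
        sa->sun_family = AF_UNIX;
        n = snprintf(sa->sun_path, sizeof(sa->sun_path),
                     "%s/example-%ld-%d.sock", dir, (long) getpid(), attempt);
        if (n < 0 || (size_t) n >= sizeof(sa->sun_path))
            break;                    /* directory too long for sun_path */
        if (bind(fd, (struct sockaddr *) sa, sizeof(*sa)) == 0)
            return fd;                /* we created the file: safe to use */
        if (errno != EADDRINUSE)
            break;                    /* EACCES, ENOENT...: retry won't help */
    }
    close(fd);
    return -1;
}

/* The client created the socket file, so it also removes it on exit. */
void close_temp_dgram(int fd, const struct sockaddr_un *sa)
{
    close(fd);
    unlink(sa->sun_path);
}
```

Because the names here are predictable, another local user can still exhaust the 100 candidates in a shared directory and make the call fail, but cannot get the client to bind to a path it did not create.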