Re: ncat 5.10BETA handling of -l -p is not compatible with nc-1.10

[Kris Katterjohn <katterjohn () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/09/2010 10:33 AM, Denys Vlasenko wrote:
> On Friday 08 January 2010 22:33, Fyodor wrote:
> > On Fri, Jan 08, 2010 at 05:32:00PM +0100, Denys Vlasenko wrote:
> > > Every reimplementation of netcat seems to try to break
> > > this syntax:
> > >
> > > nc -l -p 123    # listen on local port 123
> > >
> > > GNU nc, openbsd's nc all have it broken. And ncat is no exception.
> > > "You too, Brutus". IIRC they even break it in different ways -
> > > they have different ways to specify local port: as a parameter
> > > to -l option, as a standalone port parameter etc... AARRGGHH...
> > >
> > > This makes users' lives harder for no apparent benefit.
> > One difference between ncat and those other reimplementations is that
> > we don't use the name "nc".  So you can have both installed at once,
> > and if you specifically request "ncat", then you know what syntax
> > you're going to get.
>
> I heard that Fedora plans to ditch openbsd's implementation of nc
> and use ncat. They are going to rename it to nc (otherwise scripts
> which use nc would break).

If a third-party renames ncat to nc, then it looks like they'll deal with any
issues.  It's name is Ncat, not Netcat.

> > I think our syntax for listening on port 123 
> > ("ncat -l 123") is preferable to the longer "nc -l -p 123".
>
> Because it is shorter by 3 chars? Such insignificant
> advantage is not going to amuse people who would need
> to jump through hoops in their scripts (checking
> "nc --version" and such) just in order to open a listening
> socket.

I am the one who made this change to Ncat:


r8740 | kris | 2008-07-09 14:24:56 -0500 (Wed, 09 Jul 2008) | 16 lines

Redesign of --listen.  Instead of -l specifying the port to listen on and -s
specifying the address to bind to, it now accepts the local address and port
like it does the address and port to connect to.  You can still leave out the
address to accept connections from any address.

Before: ncat -l 80 -s 192.168.0.11

Now: ncat -l 192.168.0.11 80

This is the behavior of OpenBSD netcat, in contrast to traditional netcat.
Traditional netcat uses the -p option to specify the local port number, but
the OpenBSD behavior (and now new ncat behavior) seems much more natural IMO.
Thoughts?  I'll mention this to nmap-dev when I email asking about wanted
features, etc.



I did indeed mention this to nmap-dev[1], and I don't recall complaints.

Besides, a simple check for the executable ncat should be enough to know what
you're doing.  No "nc --version" or anything, because it's not called nc.


> Do you understand why compatibility is important?

Do you understand why convenience is important?  We as authors and users
shouldn't be stuck with command arguments from over a decade ago when we can
have better.  Ncat and many others are full of options not present in the
traditional netcat, so anybody utilizing these in scripts must already take
specific versions into account.  Again, it's not even named nc.

And if you're complaining about Fedora or anybody else who may rename ncat to
nc, I think you need to complain to them about compatibility since we're not
doing it.

> > That being said, I also agree with David that it would be reasonable
> > for us to just "do what the user wants" in the -l -p case.  At least
> > as long as the code change is simple.  I think a warning message would
> > still be warranted, at least in verbose mode.
>
> What's wrong with simply keeping compatibility with original nc?
> What are the drawbacks?

Have you complained to every non-conforming "netcat"?

Yet again: it's not named nc.  When you call Ncat you don't have to worry
about what's what.  And it's not even like Ncat has some completely different
set of arguments.  It's similar to various nc's and has the -l style of
OpenBSD nc.


Kris Katterjohn

[1] http://seclists.org/nmap-dev/2008/q3/110

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJLSZQ0AAoJEEQxgFs5kUfuFyAP/1ZgfgedUynr6WJA29yydOvk
Oq2u70jDf4l3i8G3GAQ9VyM260x3ELpe9Sj3+gO+4I8zuvvTHGLJqwkH/e9cPFKx
TdaoJaYFTAOd9FgBt1V6fPpWs5IbJQcNW2JDNOo1svSPSFORvziZBzQcE7JBUQqR
FYBZv9gsKwfBOzyndR9fXCwI0cLFDpklKJ4cRGec4mAXPndnrpK0bvdY2BSmmjVP
+pmFcIplPJQYuhIQwfvdlSe0DAydAk6XWTsPPlONxHSl8QvTwZzgRraI2KDz/OO/
bMub+kFHiJgqLzrGsmUhl2DJXACToiJNMQZhGb/isCDXFSGELiiv1RShWky1ZvzC
RkO3vMvEuFyIIxTr9ALSnnpceCRiEuwSNkj1p3BavCv5g4K53DLawzPkwb7iJ6kT
aGUmlKh5rmvlN2/Xf1c/x18Ba4z9bdpVIQAB5NpTGa95FaZDrzRm559D85Ec94Mr
OUKDtTh8vOJmTjXXjJOysP4Hox0rDTh8fZefjmcIxbdl7C7Z6tic4StzZwpdDAXq
d8forKRZ3Y349u3hP+feX8h7AAQd+ZYxA4scS1OgHkDEwNTfcPKk5dswdBRz2CNe
CJMSF9TxkTZz0OVEinik2BXpUJti3Icq1lRwUoH9rXGrqqO2s+Dm3nBZZE9rWIYo
plMhDu0HfLuKo/6ljzr9
=Ytus
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/