Nmap Development mailing list archives
Re: ncat - UNIX-domain sockets support
From: David Fifield <david () bamsoftware com>
Date: Tue, 20 Nov 2012 22:15:26 -0800
On Tue, Nov 13, 2012 at 04:13:48AM -0500, Tomas Hozza wrote:
I'm not sure that automatic generation of a source socket filename is ready, so I removed it. Is this an essential feature that other netcats have?It is an essential feature for DATAGRAM UNIX domain sockets. When client connects to the server and doesn't create its own socket (source socket) it won't be able to receive any messages from the server. So if user connecting to a DATAGRAM UNIX domain socket didn't specified a source socket, then it has to be generated in order for client to receive messages from the server. Also older netcats had this feature.
Okay, I see this now in netcat-openbsd:
/* Get name of temporary socket for unix datagram client */
if ((family == AF_UNIX) && uflag && !lflag) {
if (sflag) {
unix_dg_tmp_socket = sflag;
} else {
strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX",
UNIX_DG_TMP_SOCKET_SIZE);
if (mkstemp(unix_dg_tmp_socket_buf) == -1)
err(1, "mkstemp");
unix_dg_tmp_socket = unix_dg_tmp_socket_buf;
}
}
I agree now that Ncat should do something compatible. Would you produce
a new patch (you can base it on your old patch) adding support for this
automatic creation? The only thing is that we shouldn't use a hardcoded
"/tmp". This page has a code example that reads the TMPDIR and TMP
environment variables in addition to using mkstemp:
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/avoid-race.html#TEMPORARY-FILES
There is code in ncat_connect to delete the source socket, but 1) it deletes the file even if not automatically generated; i.e., if the user used --source, andActually it doesn't matter if it was generated or specified by user. It had to be created by Ncat when it was connecting and should be removed, because it is just temporary and only for the client to be able receive messages.
This seems weird to me. If I make my own socket in the filesystem and tell Ncat to use it, I don't expect it to be deleted. But that's what netcat-openbsd does, and I think we should be compatible in this case. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: ncat - UNIX-domain sockets support Tomas Hozza (Oct 04)
- Re: ncat - UNIX-domain sockets support Tomas Hozza (Oct 15)
- Re: ncat - UNIX-domain sockets support David Fifield (Nov 08)
- Re: ncat - UNIX-domain sockets support David Fifield (Nov 08)
- Re: ncat - UNIX-domain sockets support Tomas Hozza (Nov 12)
- Re: ncat - UNIX-domain sockets support David Fifield (Nov 12)
- Re: ncat - UNIX-domain sockets support Tomas Hozza (Nov 13)
- Re: ncat - UNIX-domain sockets support David Fifield (Nov 20)
- Re: ncat - UNIX-domain sockets support Tomas Hozza (Nov 21)
- Re: ncat - UNIX-domain sockets support David Fifield (Nov 21)
- Re: ncat - UNIX-domain sockets support Tomas Hozza (Nov 26)
- Re: ncat - UNIX-domain sockets support David Fifield (Nov 27)
- Re: ncat - UNIX-domain sockets support Tomas Hozza (Nov 28)
- Re: ncat - UNIX-domain sockets support David Fifield (Nov 28)
- Re: ncat - UNIX-domain sockets support Tomas Hozza (Nov 12)