On Fri, Apr 12, 2013 at 09:12:01PM -0400, Larry Hall (Cygwin) wrote: > On 4/12/2013 7:49 PM, Andrey Repin wrote: > >Greetings, Cary Lewis! > > > >>Are there any plans to add /dev/tcp/... support in Cygwin? > > > >Any use cases for that? > > Here's one: > > <http://www.linuxjournal.com/content/more-using-bashs-built-devtcp-file-tcpip> > > Bye, bye Chrome. ;-)
I have really mixed feelings about this feature of Bash. It can be a real lifesaver on systems where tools like wget, curl or even netcat are missing. On the other hand, it could be a big security risk: http://www.gnucitizen.org/blog/reverse-shell-with-bash/ http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet Despite the ease of allowing a reverse shell or some other exploit to occur, I think there are far more powerful and exploitable holes in a system than Bash. But maybe I'm just not paranoid enough... -- Erik Falor http://unnovative.net Registered Linux User #445632 http://linuxcounter.net
signature.asc
Description: Digital signature
