[nylug-talk] Cute bash feature (redirect-network)
Michael Bacarella
mbac at netgraft.com
Thu Jun 14 13:07:27 EDT 2007
> > > $ cat < /dev/tcp/localhost/22
> > > SSH-1.99-OpenSSH_3.9p1
> > >
> > > I had no idea bash could do this until I saw it in a shell script.
> >
> > Wow, this is scary. Looks like it gives a lot of convenience to bad
> > guys who have access to a chrooted shell. Even worse, the restricted
> > mode doesn't disable this feature.
>
> I'm guessing this feature not only relies on the particular kernel that's
> installed, but also on the /dev/tcp device file being available. So I'd like
> to think that for a chrooted environment you could remove the device and not
> make mknod available.
Nope. Watch:
$ cat </dev/tcp/localhost/22
SSH-1.99-OpenSSH_3.9p1
$ cat /dev/tcp/localhost/22
cat: /dev/tcp/localhost/22: No such file or directory
More information about the nylug-talk
mailing list