Nmap Development mailing list archives
Re: Checking non-privileged access to port < 1024
From: David Fifield <david () bamsoftware com>
Date: Thu, 29 Apr 2010 10:59:39 -0600
On Thu, Apr 29, 2010 at 06:05:41AM -1000, William Pursell wrote:
I've recently discovered ncat. A very nice replacement for the venerable nc. Thanks to all who have contributed to make ncat happen. One observation, best shown with a patch: diff --git a/ncat/ncat_main.c b/ncat/ncat_main.c index 2e05bd7..859dfd0 100644 --- a/ncat/ncat_main.c +++ b/ncat/ncat_main.c @@ -716,10 +716,6 @@ static int ncat_listen_mode(void) { if (o.idletimeout != 0) bye("An idle timeout only works in connect mode."); - /* If a non-root user tries to bind to a privileged port, Exit. */ - if (o.portno < 1024 && !ncat_checkuid()) - bye("Attempted a non-root bind() to a port <1024."); - if (o.broker && o.cmdexec != NULL) bye("Invalid option combination: --broker and -e."); It strikes me as inelegant to have the application check whether or not bind will fail. If the user doesn't have access, then let bind fail.
You're absolutely right. I removed that code and now the error message looks like this: $ ./ncat -l 345 Ncat: bind to 0.0.0.0:345: Permission denied. QUITTING. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Checking non-privileged access to port < 1024 William Pursell (Apr 29)
- Re: Checking non-privileged access to port < 1024 David Fifield (Apr 29)