The reason they decided to remove netcat is that they
"found" out netcat is hacker's tool via a google
search :-).
I explained to the "security" team that it really
depends on how they want to define hacker's tool.
Technically, I do not mind removing a package if there
is a good reason, I fail to see the reasoning.
Hence, I am interested to know whether anyone has
removed netcat and subsequently removed the yast2
stuff.
RBW
--- Roman Drahtmueller
Does anyone remove netcat from their environment?
Our security team likes to have netcat removed from SLES 9, however, the yast2 rpm depends on netcat. I am interested to know what functionalities I may lose in administrating the systems. I understand I will not be able to use yast, but I think I can manually update the config files, and do most of everything in command line, right?
Thank you. RBW
What I don't understand quite is what the benefit would be from removing the netcat program/package. It takes about 10 lines of C code to listen on a network socket, and if you have intruded a system, you'll be able to to things independently from the presence of a netcat program.
In addition to that: Try
netcat -lp 20000 | tar xfvvp - on the target system (here called t200), then run (on the sender system):
tar cfvv - some_files_you_want_to_be_transferred > /dev/tcp/t200/20000
and watch the probably fastest file transfer on a linux system in action. You have to be using a bash on the sender system for the /dev/tcp function, which is a bash feature. Means: It's not so easy to get rif of the useful functions of a linux system.
Roman.
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com