From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 01 15:09:30 2017 Received: (at submit) by debbugs.gnu.org; 1 Dec 2017 20:09:30 +0000 Received: from localhost ([127.0.0.1]:40544 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eKrcf-0003Zc-UR for submit@debbugs.gnu.org; Fri, 01 Dec 2017 15:09:29 -0500 Received: from eggs.gnu.org ([208.118.235.92]:46200) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eKrcZ-0003ZL-BM for submit@debbugs.gnu.org; Fri, 01 Dec 2017 15:09:20 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eKrcS-0000QI-Pf for submit@debbugs.gnu.org; Fri, 01 Dec 2017 15:09:10 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:36151) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eKrcS-0000Q8-LB for submit@debbugs.gnu.org; Fri, 01 Dec 2017 15:09:08 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37162) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eKrcR-0000pe-7c for guix-patches@gnu.org; Fri, 01 Dec 2017 15:09:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eKrcO-0000Nz-0S for guix-patches@gnu.org; Fri, 01 Dec 2017 15:09:07 -0500 Received: from aibo.runbox.com ([91.220.196.211]:48740) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1eKrcN-0000LP-O2 for guix-patches@gnu.org; Fri, 01 Dec 2017 15:09:03 -0500 Received: from [10.9.9.212] (helo=mailfront12.runbox.com) by mailtransmit03.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1eKUjC-0006ro-Ss for guix-patches@gnu.org; Thu, 30 Nov 2017 20:42:34 +0100 Received: from dslb-088-078-087-251.088.078.pools.vodafone-ip.de ([88.78.87.251] helo=localhost) by mailfront12.runbox.com with esmtpsa (uid:892961 ) (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) id 1eKUj6-0002bP-Qd for guix-patches@gnu.org; Thu, 30 Nov 2017 20:42:29 +0100 Date: Thu, 30 Nov 2017 19:42:27 +0000 From: ng0 To: guix-patches@gnu.org Subject: Add blacknurse Message-ID: <20171130194227.bpe4l2ccvcrr5spb@abyayala> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="z6rce7pqd3nqm3pe" Content-Disposition: inline X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) --z6rce7pqd3nqm3pe Content-Type: multipart/mixed; boundary="rqofh6lqbi27z6zc" Content-Disposition: inline --rqofh6lqbi27z6zc Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable A package from my pen-testing repo. --=20 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys WWW: https://n0.is --rqofh6lqbi27z6zc Content-Type: text/plain; charset=utf-8 Content-Disposition: attachment; filename="0001-gnu-Add-blacknurse.patch" Content-Transfer-Encoding: quoted-printable =46rom 4aa7ccc47c588e1383d1ea34024b900611317dea Mon Sep 17 00:00:00 2001 =46rom: ng0 Date: Thu, 30 Nov 2017 19:39:07 +0000 Subject: [PATCH] gnu: Add blacknurse. * gnu/packages/networking.scm (blacknurse): New variable. --- gnu/packages/networking.scm | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm index 1f4906b7b..b8ade6468 100644 --- a/gnu/packages/networking.scm +++ b/gnu/packages/networking.scm @@ -8,7 +8,7 @@ ;;; Copyright =C2=A9 2016 John Darrington ;;; Copyright =C2=A9 2016, 2017 Nicolas Goaziou ;;; Copyright =C2=A9 2016 Eric Bavier -;;; Copyright =C2=A9 2016, 2017 ng0 +;;; Copyright =C2=A9 2016, 2017 ng0 ;;; Copyright =C2=A9 2016, 2017 Arun Isaac ;;; Copyright =C2=A9 2016 Benz Schenk ;;; Copyright =C2=A9 2016, 2017 Pjotr Prins @@ -38,6 +38,7 @@ #:use-module ((guix licenses) #:prefix license:) #:use-module (guix packages) #:use-module (guix download) + #:use-module (guix git-download) #:use-module (guix build-system cmake) #:use-module (guix build-system glib-or-gtk) #:use-module (guix build-system gnu) @@ -1536,3 +1537,39 @@ at the IP layer and link layer, as well as a host of= supplementary functionality. Using libnet, quick and simple packet assembly applications can be whipped up with little effort.") (license license:bsd-2))) + +(define-public blacknurse + (let* ((commit "d2a2b23544295844714ebf8d2d78af37fe5770c9") + (revision "1")) + (package + (name "blacknurse") + (version (string-append "0.0.0-" revision "." (string-take commit 7)= )) + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/jedisct1/blacknurse") + (commit commit))) + (file-name (string-append name "-" version)) + (sha256 + (base32 + "1w7zmcrnrs4p4naj3i6h1wcmd56dgrfd7myx0ljhw162sg0134nz")))) + (build-system gnu-build-system) + (arguments + `(#:make-flags (list "CC=3Dgcc") + #:tests? #f ; No tests + #:phases + (modify-phases %standard-phases + (delete 'configure) ; No configure script + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let* ((out (assoc-ref outputs "out")) + (bin (string-append out "/bin"))) + (install-file "blacknurse" bin))))))) + (home-page "https://github.com/jedisct1/blacknurse") + (synopsis "Proof of Concept for the Blacknurse attack") + (description + "Simple Proof of Concept for the Blacknurse attack. +Blacknurse is a low bandwidth ICMP attack that is capable of doing denial +of service to well known firewalls.") + (license license:bsd-2)))) --=20 2.15.0 --rqofh6lqbi27z6zc-- --z6rce7pqd3nqm3pe Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAlogXyMACgkQ4i+bv+40 hYhIJw//YyKKsWb9R12g2dTXlFlxfQMW9uJ7WuZFZvb7pS3NMiHrere3IxnbEQBP M8LaLCO1RDQ+f63mAayers1i1WzpUzUKBpNT3LhkTFghpc2DIH89zUzCy2JINz8y CSky8ToT+VhvKEjG7DFLGv5og6eNT5mEcR+8D8LFxnE5h6Kg38dKbiI53fu6UhEu LALIhV3Yo1jQ3THDl0LekV0kgW9wuf1BOi12/cLMl+L/NJzk+3HS3hvZCP481wCy DdGkDrD/EO/7F+Qh2fhMzrBcbAevf338YyIhYUFS59eVzYbOPaiBVexG4QytE/25 /+nSmav1i2xppTiI5vJfbnlZFDujPwl02hFoDOkuE2flDVHqsll2cPQs/Yu7s7R2 EePw5u3xE0P2CZrO5dnPejK2haa8D/mWV9hJ6lSJDkOgXSP7Rc67Cw1XzMPQ7J6B q6XKRMMdt3MSswhEegXsdYYgCqTQm7XbJTNU+LGZ9YpC/0BmSzRIXjGSIO5OqZVP J2FjDVtuV/E2wftI7PXhqEAIoHYq+F/5yF9pIszbHcLe8Nm3AQU4vj7soXUanyA1 U53tTn9mzeyMX7v45dCYmJmZFEwJnhWftYLGeuALSqhoxv7c5LvONrKVPPbFIDwR zER3F/Jzlu+0JD/nvu0lDaGcNCR2U7xhDMSqTnEKPG89QjtrEPM= =yxzk -----END PGP SIGNATURE----- --z6rce7pqd3nqm3pe-- From debbugs-submit-bounces@debbugs.gnu.org Sun Dec 03 18:00:53 2017 Received: (at 29528) by debbugs.gnu.org; 3 Dec 2017 23:00:53 +0000 Received: from localhost ([127.0.0.1]:43943 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eLdFk-0005uJ-Tq for submit@debbugs.gnu.org; Sun, 03 Dec 2017 18:00:53 -0500 Received: from sender-of-o51.zoho.com ([135.84.80.216]:21019) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eLdFj-0005uB-Eh for 29528@debbugs.gnu.org; Sun, 03 Dec 2017 18:00:52 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1512342011; s=zoho; d=elephly.net; i=rekado@elephly.net; h=References:From:To:Cc:Subject:In-reply-to:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; l=1982; bh=3+D3okj7/9wiCWQt7B9K1O3Qe0LuFT05wgnTRiyBhjg=; b=azMae4+VFNCGguaolnXYBGwkR6ND9J6DYaWxBEonyyHNuoHoZlkYIBUKbIAR7aMP 0gNsWFL8E4/EHnemMIQ7BGhi1E20G7BJlCOQBjmnQdSNhzggcK2YwkpMoW+9LUQNuUn ObCfESymdVHcaOUrmqDG1qgkkOmWzWLfZeavaILc= Received: from localhost (port-92-200-98-40.dynamic.qsc.de [92.200.98.40]) by mx.zohomail.com with SMTPS id 1512342011779482.19023080623094; Sun, 3 Dec 2017 15:00:11 -0800 (PST) References: <20171130194227.bpe4l2ccvcrr5spb@abyayala> User-agent: mu4e 0.9.18; emacs 25.3.1 From: Ricardo Wurmus To: ng0 Subject: Re: [bug#29528] Add blacknurse In-reply-to: <20171130194227.bpe4l2ccvcrr5spb@abyayala> X-URL: https://elephly.net X-PGP-Key: https://elephly.net/rekado.pubkey X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC Date: Mon, 04 Dec 2017 00:00:08 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Message-ID: <874lp74dtz.fsf@elephly.net> X-ZohoMailClient: External X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 29528 Cc: 29528@debbugs.gnu.org, ludo@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Hi ng0, > +(define-public blacknurse > + (let* ((commit "d2a2b23544295844714ebf8d2d78af37fe5770c9") > + (revision "1")) > + (package > + (name "blacknurse") > + (version (string-append "0.0.0-" revision "." (string-take commit = 7))) > + (source > + (origin > + (method git-fetch) > + (uri (git-reference > + (url "https://github.com/jedisct1/blacknurse") > + (commit commit))) > + (file-name (string-append name "-" version)) This should be =E2=80=9C(file-name (string-append name "-" version "-checko= ut"))=E2=80=9D. > + (sha256 > + (base32 > + "1w7zmcrnrs4p4naj3i6h1wcmd56dgrfd7myx0ljhw162sg0134nz")))) > + (build-system gnu-build-system) > + (arguments > + `(#:make-flags (list "CC=3Dgcc") > + #:tests? #f ; No tests > + #:phases > + (modify-phases %standard-phases > + (delete 'configure) ; No configure script > + (replace 'install > + (lambda* (#:key outputs #:allow-other-keys) > + (let* ((out (assoc-ref outputs "out")) > + (bin (string-append out "/bin"))) > + (install-file "blacknurse" bin))))))) This should end on #t. > + (home-page "https://github.com/jedisct1/blacknurse") > + (synopsis "Proof of Concept for the Blacknurse attack") > + (description > + "Simple Proof of Concept for the Blacknurse attack. > +Blacknurse is a low bandwidth ICMP attack that is capable of doing denia= l > +of service to well known firewalls.") The first fragment is not a full sentence. Looking at this package I wonder why it should be part of Guix as it is merely malware. I don=E2=80=99t see any reason why this should be installa= ble through Guix. We are not in the habit of providing packages for exploits. Putting it in =E2=80=9Cnetworking=E2=80=9D makes it seem like th= is would be a useful networking application, but it really is not. It just demonstrates a bug in networked devices. @Ludo: what do you think? -- Ricardo GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC https://elephly.net From debbugs-submit-bounces@debbugs.gnu.org Sun Dec 03 18:49:20 2017 Received: (at 29528) by debbugs.gnu.org; 3 Dec 2017 23:49:20 +0000 Received: from localhost ([127.0.0.1]:43968 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eLe0d-00072M-QE for submit@debbugs.gnu.org; Sun, 03 Dec 2017 18:49:20 -0500 Received: from aibo.runbox.com ([91.220.196.211]:58588) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eLe0b-00072F-Jz for 29528@debbugs.gnu.org; Sun, 03 Dec 2017 18:49:18 -0500 Received: from [10.9.9.210] (helo=mailfront10.runbox.com) by mailtransmit03.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1eLe0X-0002oa-Ud; Mon, 04 Dec 2017 00:49:14 +0100 Received: from dslb-188-109-221-228.188.109.pools.vodafone-ip.de ([188.109.221.228] helo=localhost) by mailfront10.runbox.com with esmtpsa (uid:892961 ) (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) id 1eLe0V-0007Wl-QV; Mon, 04 Dec 2017 00:49:11 +0100 Date: Sun, 3 Dec 2017 23:49:10 +0000 From: ng0 To: Ricardo Wurmus Subject: Re: [bug#29528] Add blacknurse Message-ID: <20171203234910.w22jwdr6fzdxe26i@abyayala> References: <20171130194227.bpe4l2ccvcrr5spb@abyayala> <874lp74dtz.fsf@elephly.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="2phngdegnrlm4qdv" Content-Disposition: inline In-Reply-To: <874lp74dtz.fsf@elephly.net> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 29528 Cc: 29528@debbugs.gnu.org, ludo@gnu.org, ng0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --2phngdegnrlm4qdv Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Ricardo Wurmus transcribed 2.1K bytes: >=20 > Hi ng0, >=20 > > +(define-public blacknurse > > + (let* ((commit "d2a2b23544295844714ebf8d2d78af37fe5770c9") > > + (revision "1")) > > + (package > > + (name "blacknurse") > > + (version (string-append "0.0.0-" revision "." (string-take commi= t 7))) > > + (source > > + (origin > > + (method git-fetch) > > + (uri (git-reference > > + (url "https://github.com/jedisct1/blacknurse") > > + (commit commit))) > > + (file-name (string-append name "-" version)) >=20 > This should be =E2=80=9C(file-name (string-append name "-" version "-chec= kout"))=E2=80=9D. >=20 > > + (sha256 > > + (base32 > > + "1w7zmcrnrs4p4naj3i6h1wcmd56dgrfd7myx0ljhw162sg0134nz")))) > > + (build-system gnu-build-system) > > + (arguments > > + `(#:make-flags (list "CC=3Dgcc") > > + #:tests? #f ; No tests > > + #:phases > > + (modify-phases %standard-phases > > + (delete 'configure) ; No configure script > > + (replace 'install > > + (lambda* (#:key outputs #:allow-other-keys) > > + (let* ((out (assoc-ref outputs "out")) > > + (bin (string-append out "/bin"))) > > + (install-file "blacknurse" bin))))))) >=20 > This should end on #t. >=20 > > + (home-page "https://github.com/jedisct1/blacknurse") > > + (synopsis "Proof of Concept for the Blacknurse attack") > > + (description > > + "Simple Proof of Concept for the Blacknurse attack. > > +Blacknurse is a low bandwidth ICMP attack that is capable of doing den= ial > > +of service to well known firewalls.") >=20 > The first fragment is not a full sentence. >=20 > Looking at this package I wonder why it should be part of Guix as it is > merely malware. I don=E2=80=99t see any reason why this should be instal= lable > through Guix. We are not in the habit of providing packages for > exploits. Putting it in =E2=80=9Cnetworking=E2=80=9D makes it seem like = this would be a > useful networking application, but it really is not. It just > demonstrates a bug in networked devices. >=20 > @Ludo: what do you think? >=20 > -- > Ricardo >=20 > GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC > https://elephly.net To some extent I agree, I'm just probing where we draw the line in pen-testing software. I have a repository for those, and I'll add a comment to get an idea for what we decide on. blacknurse for me was a grey area in a new class of pen-testing software I haven't sent before. Software written with malicious intentions or such that can be interpreted / used with those has a broad range, some of it will be okay for us in Guix, some of it won't be okay. I draw the line at explicitly malicious. Blacknurse was kinda okay for me, but I think your comment is enough to let me put it in the case-by-case 'malicious' category. Runs an PoC exploit targeted at launching an attack against unpatched firewalls -> bad. Eventually this should help getting a list of example software we will not accept in Guix, if someone else tries. --=20 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys WWW: https://n0.is --2phngdegnrlm4qdv Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAlokjXYACgkQ4i+bv+40 hYjBxxAAh0tJW9UflQL8DlWl7u0iJETy2SWI1VheB8h5c3itT9ZiGxcTNNzhR28r Obz/mTz50b3NHb+HajwCRLE3IKlYI7AhY2U0tddgmFawziAQTVmquud9YFwVHNYE flxva+0FOBQiPxX1GfMCuVrwTTJWUG/38wYtwxxnvGRw4p53+DZ3OjWt9Goefw9w G1/uk6pcS4/L3zZ/WFqtoAvRi6Xeo3ZDRCmhfw0aSKCc+FqVveZywq74SmOoQHDt hZkUgQJX47lSWodcjfIwQJ+6nktoOH15G0KL71WFeDuSrzjfozJ0Mj5SqAJCMXGj 4EUGM2hFeRR8TNauidq4R+k8iyGbYCqWR88Whaola81SnVU70OpEIWPo3M+Hjdf4 KjexXRSVhImp3KlMRhj7NNbgrdt1Sf/AqS0tPxQQrJfn+EflNv4WMtlDIbRE3r3U YNeSmFbHZ17LtCPJ/riUuOIEb+VqB8nX0AdutX7/dWw9d/SHAKU3ph2sNrOL1MTH KefjGH4Y56PffB0RB5gGHf+H22geAlOyJ2jKw1WD0fHInPdGGit0xN1scNFsyn1z eW5PAp4H5ZaGgKiPktGR2QWf1xQxpSqrGT41Zyp2YKlBWxmIeb0sXiDdsT9Rx5F4 vRpF3faXDWUfBPy7n44fdhrS15u4k3o/2usrnyaYfWu8602FK3g= =eo3s -----END PGP SIGNATURE----- --2phngdegnrlm4qdv-- From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 04 03:41:35 2017 Received: (at 29528) by debbugs.gnu.org; 4 Dec 2017 08:41:35 +0000 Received: from localhost ([127.0.0.1]:44261 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eLmJj-0006kA-37 for submit@debbugs.gnu.org; Mon, 04 Dec 2017 03:41:35 -0500 Received: from hera.aquilenet.fr ([141.255.128.1]:41012) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eLmJh-0006k2-LE for 29528@debbugs.gnu.org; Mon, 04 Dec 2017 03:41:34 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 1015D10025; Mon, 4 Dec 2017 09:41:36 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wN1KEuQW0NWV; Mon, 4 Dec 2017 09:41:35 +0100 (CET) Received: from ribbon (unknown [193.50.110.211]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 0A507E53A; Mon, 4 Dec 2017 09:41:34 +0100 (CET) From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Ricardo Wurmus Subject: Re: [bug#29528] Add blacknurse References: <20171130194227.bpe4l2ccvcrr5spb@abyayala> <874lp74dtz.fsf@elephly.net> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 14 Frimaire an 226 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 04 Dec 2017 09:41:31 +0100 In-Reply-To: <874lp74dtz.fsf@elephly.net> (Ricardo Wurmus's message of "Mon, 04 Dec 2017 00:00:08 +0100") Message-ID: <87fu8qsx50.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: 29528 Cc: 29528@debbugs.gnu.org, ng0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) Hi, Ricardo Wurmus skribis: >> + (home-page "https://github.com/jedisct1/blacknurse") >> + (synopsis "Proof of Concept for the Blacknurse attack") >> + (description >> + "Simple Proof of Concept for the Blacknurse attack. >> +Blacknurse is a low bandwidth ICMP attack that is capable of doing deni= al >> +of service to well known firewalls.") > > The first fragment is not a full sentence. > > Looking at this package I wonder why it should be part of Guix as it is > merely malware. I don=E2=80=99t see any reason why this should be instal= lable > through Guix. We are not in the habit of providing packages for > exploits. Putting it in =E2=80=9Cnetworking=E2=80=9D makes it seem like = this would be a > useful networking application, but it really is not. It just > demonstrates a bug in networked devices. > > @Ludo: what do you think? Indeed. I see two issues here: 1. a =E2=80=9Cproof of concept=E2=80=9D is typically something for expert= s of the field to study, rather than generally useful software; 2. it=E2=80=99s a tool whose purpose is to perform DoS attacks on routers= , and I find it questionable to provide it in Guix (not to mention that there=E2=80=99s no shortage of such programs that we could add!). So overall I=E2=80=99m reluctant to including it in Guix. Thoughts? Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 04 11:18:28 2017 Received: (at 29528-done) by debbugs.gnu.org; 4 Dec 2017 16:18:28 +0000 Received: from localhost ([127.0.0.1]:45691 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eLtRs-0004hl-6y for submit@debbugs.gnu.org; Mon, 04 Dec 2017 11:18:28 -0500 Received: from aibo.runbox.com ([91.220.196.211]:43950) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eLtRp-0004ha-Aq for 29528-done@debbugs.gnu.org; Mon, 04 Dec 2017 11:18:26 -0500 Received: from [10.9.9.211] (helo=mailfront11.runbox.com) by mailtransmit02.runbox with esmtp (Exim 4.86_2) (envelope-from ) id 1eLtRk-0002GX-9v; Mon, 04 Dec 2017 17:18:20 +0100 Received: from dslb-092-073-137-015.092.073.pools.vodafone-ip.de ([92.73.137.15] helo=localhost) by mailfront11.runbox.com with esmtpsa (uid:892961 ) (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) id 1eLtRR-0003AE-Et; Mon, 04 Dec 2017 17:18:01 +0100 Date: Mon, 4 Dec 2017 16:18:00 +0000 From: ng0 To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [bug#29528] Add blacknurse Message-ID: <20171204161800.oyqxqpshuaoqkuan@abyayala> Mail-Followup-To: Ludovic =?utf-8?Q?Court=C3=A8s?= , Ricardo Wurmus , 29528-done@debbugs.gnu.org, guix-devel@gnu.org References: <20171130194227.bpe4l2ccvcrr5spb@abyayala> <874lp74dtz.fsf@elephly.net> <87fu8qsx50.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="k7lyfjtkpxnq4kgu" Content-Disposition: inline In-Reply-To: <87fu8qsx50.fsf@gnu.org> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 29528-done Cc: Ricardo Wurmus , guix-devel@gnu.org, 29528-done@debbugs.gnu.org, ng0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --k7lyfjtkpxnq4kgu Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s transcribed 1.4K bytes: > Hi, >=20 > Ricardo Wurmus skribis: >=20 > >> + (home-page "https://github.com/jedisct1/blacknurse") > >> + (synopsis "Proof of Concept for the Blacknurse attack") > >> + (description > >> + "Simple Proof of Concept for the Blacknurse attack. > >> +Blacknurse is a low bandwidth ICMP attack that is capable of doing de= nial > >> +of service to well known firewalls.") > > > > The first fragment is not a full sentence. > > > > Looking at this package I wonder why it should be part of Guix as it is > > merely malware. I don=E2=80=99t see any reason why this should be inst= allable > > through Guix. We are not in the habit of providing packages for > > exploits. Putting it in =E2=80=9Cnetworking=E2=80=9D makes it seem lik= e this would be a > > useful networking application, but it really is not. It just > > demonstrates a bug in networked devices. > > > > @Ludo: what do you think? >=20 > Indeed. I see two issues here: >=20 > 1. a =E2=80=9Cproof of concept=E2=80=9D is typically something for expe= rts of the > field to study, rather than generally useful software; Hm... We have some proof of work implementations of software in Guix I think. In addition I'd think that there are many more professionals only software. So PoC as an issues is a non-issue to me as long as it works. > 2. it=E2=80=99s a tool whose purpose is to perform DoS attacks on route= rs, and > I find it questionable to provide it in Guix (not to mention that > there=E2=80=99s no shortage of such programs that we could add!). And this is the real issue. I fully agree with the statements and views on this software made by Ricardo and yourself. I'm taking most of these software from BlackArch, Kali and other distro-builder distros targeted at pen-testing professionals in addition to the commercial solutions. Some of these don't even have license statements, I had chats with BlackArch to correct a large batch of their own script'ish software. > So overall I=E2=80=99m reluctant to including it in Guix. >=20 > Thoughts? >=20 > Ludo=E2=80=99. I haven't read the Documentation in a while, but do we define anything besides the requirement that a software needs to fit into the GNU FSDG? I mean more specifically, do we want to come up with a definition for software (such as this) that won't be included at all, or do we decide individually per case? I myself now know what we have agreed upon here, I just don't know if it would make more sense to define it in the Handbook. There's a whole lot of software similar to this out there. For example: I have a collection of isolated viruses somewhere that is intended for study only. Of course I know this is definitely not something we should distribute in master, but there are certain cases where people wouldn't know wether this is okay to distribute from the official side or not. In addition to my main projects I'm lowkey working on some kind of pen-testing repository, so that it can serve as a base for a flavor of my mechanism for custom distro building automation. Based on the general mechanism of creating official flavors I could test the ability to extend on this with for example the theme of pen-testing. Some of the software can find it way into Guix (some already has), a large amount of it won't (for obvious reasons). I'm CC'ing devel and closing this bug, so that we can discuss - if necessary - the problem of pointing out software like this in and their restriction in the Handbook. Thanks, N. --=20 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys WWW: https://n0.is --k7lyfjtkpxnq4kgu Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEqIyK3RKYKNfqwC5S4i+bv+40hYgFAloldTgACgkQ4i+bv+40 hYjTORAAuLj9QPGk5rqBUdUkmoVITFZekPEZQac94mHWvZqTjeMl7tFn3FxtuPrs hG+erk4WXwOuCjAVaUCThWd2mignEldeGf4eZiKqUFyUNlpLeqIw/UdGAUIEJJtD kjw863mEs+IZ2brjFYp1EwRJO7S5te8i+S+phLBzpYvA/QmSjQpG1FNlTQ7sXvtP Bn8N2srzvVs6Lvy1rEQfV7F6szOm8U59D2qCXLMj/XQiNTBez/cqOUrr/NYkImvI DFVxkBqGwTEAPhTqLQ4V2kxIycceMZqFGSYgJnQ3cjCQn+UNojlO5fhsmfHUo4gP C6w8rEocdfCcmDuSa+uIKRwpq5PhsXUalvlnPHM0wS6kVouSIgjMbw+gBC2RJXTK znt4SsVzb1ahR/mEeoWEN7rOy/6i49oIMkc1iDGbaBQ57ERnaORUt+rFSr3HP7le 6LETMdKlZuVcJqUIxH8rq9xBhPggEPBnlOVE4Rk/85JEN5d6ShkmVsBXo927Xg3g AN6wyCxtjkfZ2AWA+9D+wPbmmveHOI7mY6nG2w4p5sHaeOl42xvGprovCZEUNkHF OPPEV53MNntegSd1T+AKu3uEJ4Qu+0m+CMGBWwijxCsRG2X6R0OxzzlFMDrh3BH0 Y5G5qo4JRChXm+H33+nmn43DX/mYP0PQmmoRtXN/1y3IY9ixFfE= =Gm+9 -----END PGP SIGNATURE----- --k7lyfjtkpxnq4kgu-- From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 04 13:24:31 2017 Received: (at 29528) by debbugs.gnu.org; 4 Dec 2017 18:24:31 +0000 Received: from localhost ([127.0.0.1]:45841 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eLvPq-0003CA-SS for submit@debbugs.gnu.org; Mon, 04 Dec 2017 13:24:31 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:48869) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1eLvPp-0003C3-W0 for 29528@debbugs.gnu.org; Mon, 04 Dec 2017 13:24:30 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 9CF1320BDA; Mon, 4 Dec 2017 13:24:29 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Mon, 04 Dec 2017 13:24:29 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= mesmtp; bh=mBMun9chtqQcDYDs4ly7lXhKjI/DAgrnajNrsyKLeyM=; b=evx/K Y5DfXFalp6WyZAyEYVRwGjjtC/2hYS+Q6B/h+R8NKmceNtphlRZWPu0ec67F5gQn wyt+BV2o0sVLR6k/tU9exWvouklNnfgqOcT2lHvnDzW+dwkf1icnTyczaSBCFpYo yC9W448Zplivuh5+U7Sfi3uSVNN5tW6nnDzcQQ= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; bh=mBMun9chtqQcDYDs4ly7lXhKjI/DA grnajNrsyKLeyM=; b=ebZhZHqEYUu8eRWjSrZcompMODLFLJWnhGZUrJoJP4S6q hMR/sSD2uXh6oBWT5Axwxm/HUtRf3uXEirTV6KWqyezfR9nxxQmTVA53/mWd6qot IMIvV6iax4UtVw12Xz2upX1E6R7cZ8MWxsmSmkWeXj48K80bIdlVVz6OGAJAoUYq ahzZGGwX/UOA4mhjN7aeLi0BrihCOrZztKErg245cnkB8PCTMtyq3yqvplYjDKd8 Em0dMZH/bqRrzsn6y750wWtIfz6vycQMFs+abXYOyxYvdLgAksBO1zPYRtwi6J1E GslkuBMh1p0wEmH2P8cLl9xfUd/n0A4gDaYOJ7NBw== X-ME-Sender: Received: from localhost (mfe2536d0.tmodns.net [208.54.37.254]) by mail.messagingengine.com (Postfix) with ESMTPA id 3F30A7FAE2; Mon, 4 Dec 2017 13:24:29 -0500 (EST) Date: Mon, 4 Dec 2017 13:24:28 -0500 From: Leo Famulari To: ng0 Subject: Re: [bug#29528] Add blacknurse Message-ID: <20171204182428.GE30970@jasmine.lan> References: <20171130194227.bpe4l2ccvcrr5spb@abyayala> <874lp74dtz.fsf@elephly.net> <20171203234910.w22jwdr6fzdxe26i@abyayala> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="7DO5AaGCk89r4vaK" Content-Disposition: inline In-Reply-To: <20171203234910.w22jwdr6fzdxe26i@abyayala> User-Agent: Mutt/1.9.1 (2017-09-22) X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 29528 Cc: Ricardo Wurmus , 29528@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --7DO5AaGCk89r4vaK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sun, Dec 03, 2017 at 11:49:10PM +0000, ng0 wrote: > To some extent I agree, I'm just probing where we draw the > line in pen-testing software. Okay, that makes sense. I think the best approach is to simply start the discussion instead of sending a patch to add a package. --7DO5AaGCk89r4vaK Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlolktwACgkQJkb6MLrK fwhBZQ//Xj9+JQmyftLxTWRpwAE2MrmbVyH955itdBCmoEN/aD813sLXJefCEHTO 0+v9hd+WwQzCGnh98fatqDK5+Ib9g/g9kU5zV+2RGJzntbnxivJdsZKMawmn4MVX lAUNvb3+NhCeHZMHJm0DFx+3LO0sv9v6ZZAniED1non5UXQVg+FfbfsAtnTI9ELz g8IK7YvurBpP0qSNe1A01t4RLhyHNv0/JX37+h8eJ9gyKFKKDJghpwPyXjb1vqpe +4EXgo5MJ5u674nz8mOSKOZL8m6tfE4n/w2VTuSwC67QU1N9CVUet0gPKLK1yAW/ UQVF7bmdBt7dAMHbMToYFBBSHvyN14JcGXmkbBGufcCI6xdCGqqF4sVwRINS6tQQ 9W6ftdMC1qCa5XWr59USycQgZ49HZeQR1XPaPZ8g4we3y1Guyn07Q2qa/UTWfJR/ Is1sY5X0ucsHkUhAcGOEQgdtIJN/Htm74Kw5PLgvHZFJ0rNDmHwCS6AidncAj6R0 AscoJrPWY2s/OzHBEVmUVO7EwwnkM5KkmdJoRoZVb01jjKe7Drsyc7rXdudNqk7C kOwFq+Zx7eamviC7xGPOtttW+o8E6+ZzsOEeMb6uSHyoWaySNIPN8C/Y0Dl4Fhbk fM1odVCzzoOPmdl6UcoyLCOjHA4CS0lXP1GAQWPnQ6RgsQZLroc= =WCPZ -----END PGP SIGNATURE----- --7DO5AaGCk89r4vaK-- From unknown Fri Jun 20 18:24:34 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Tue, 02 Jan 2018 12:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator