GNU bug report logs - #29528
Add blacknurse

Previous Next

Package: guix-patches;

Reported by: ng0 <ng0 <at> n0.is>

Date: Fri, 1 Dec 2017 20:10:01 UTC

Severity: normal

Done: ng0 <ng0 <at> n0.is>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 29528 <at> debbugs.gnu.org (full text, mbox):

From: Ricardo Wurmus <rekado <at> elephly.net>
To: ng0 <ng0 <at> n0.is>
Cc: 29528 <at> debbugs.gnu.org, ludo <at> gnu.org
Subject: Re: [bug#29528] Add blacknurse
Date: Mon, 04 Dec 2017 00:00:08 +0100

Hi ng0,

> +(define-public blacknurse
> +  (let* ((commit "d2a2b23544295844714ebf8d2d78af37fe5770c9")
> +         (revision "1"))
> +    (package
> +      (name "blacknurse")
> +      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
> +      (source
> +       (origin
> +         (method git-fetch)
> +         (uri (git-reference
> +               (url "https://github.com/jedisct1/blacknurse")
> +               (commit commit)))
> +         (file-name (string-append name "-" version))

This should be “(file-name (string-append name "-" version "-checkout"))”.

> +         (sha256
> +          (base32
> +           "1w7zmcrnrs4p4naj3i6h1wcmd56dgrfd7myx0ljhw162sg0134nz"))))
> +      (build-system gnu-build-system)
> +      (arguments
> +       `(#:make-flags (list "CC=gcc")
> +         #:tests? #f ; No tests
> +         #:phases
> +         (modify-phases %standard-phases
> +           (delete 'configure) ; No configure script
> +           (replace 'install
> +             (lambda* (#:key outputs #:allow-other-keys)
> +               (let* ((out (assoc-ref outputs "out"))
> +                      (bin (string-append out "/bin")))
> +                 (install-file "blacknurse" bin)))))))

This should end on #t.

> +      (home-page "https://github.com/jedisct1/blacknurse")
> +      (synopsis "Proof of Concept for the Blacknurse attack")
> +      (description
> +       "Simple Proof of Concept for the Blacknurse attack.
> +Blacknurse is a low bandwidth ICMP attack that is capable of doing denial
> +of service to well known firewalls.")

The first fragment is not a full sentence.

Looking at this package I wonder why it should be part of Guix as it is
merely malware.  I don’t see any reason why this should be installable
through Guix.  We are not in the habit of providing packages for
exploits.  Putting it in “networking” makes it seem like this would be a
useful networking application, but it really is not.  It just
demonstrates a bug in networked devices.

@Ludo: what do you think?

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net
This bug report was last modified 7 years and 168 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.