all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [bug#29528] Add blacknurse
@ 2017-11-30 19:42 ng0
  2017-12-03 23:00 ` Ricardo Wurmus
  0 siblings, 1 reply; 7+ messages in thread
From: ng0 @ 2017-11-30 19:42 UTC (permalink / raw)
  To: 29528


[-- Attachment #1.1: Type: text/plain, Size: 159 bytes --]

A package from my pen-testing repo.
-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
  WWW: https://n0.is

[-- Attachment #1.2: 0001-gnu-Add-blacknurse.patch --]
[-- Type: text/plain, Size: 3080 bytes --]

From 4aa7ccc47c588e1383d1ea34024b900611317dea Mon Sep 17 00:00:00 2001
From: ng0 <ng0@n0.is>
Date: Thu, 30 Nov 2017 19:39:07 +0000
Subject: [PATCH] gnu: Add blacknurse.

* gnu/packages/networking.scm (blacknurse): New variable.
---
 gnu/packages/networking.scm | 39 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 1f4906b7b..b8ade6468 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -8,7 +8,7 @@
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2016, 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
+;;; Copyright © 2016, 2017 ng0 <ng0@n0.is>
 ;;; Copyright © 2016, 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016 Benz Schenk <benz.schenk@uzh.ch>
 ;;; Copyright © 2016, 2017 Pjotr Prins <pjotr.guix@thebird.nl>
@@ -38,6 +38,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system glib-or-gtk)
   #:use-module (guix build-system gnu)
@@ -1536,3 +1537,39 @@ at the IP layer and link layer, as well as a host of supplementary
 functionality.  Using libnet, quick and simple packet assembly applications
 can be whipped up with little effort.")
     (license license:bsd-2)))
+
+(define-public blacknurse
+  (let* ((commit "d2a2b23544295844714ebf8d2d78af37fe5770c9")
+         (revision "1"))
+    (package
+      (name "blacknurse")
+      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/jedisct1/blacknurse")
+               (commit commit)))
+         (file-name (string-append name "-" version))
+         (sha256
+          (base32
+           "1w7zmcrnrs4p4naj3i6h1wcmd56dgrfd7myx0ljhw162sg0134nz"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:make-flags (list "CC=gcc")
+         #:tests? #f ; No tests
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure) ; No configure script
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (bin (string-append out "/bin")))
+                 (install-file "blacknurse" bin)))))))
+      (home-page "https://github.com/jedisct1/blacknurse")
+      (synopsis "Proof of Concept for the Blacknurse attack")
+      (description
+       "Simple Proof of Concept for the Blacknurse attack.
+Blacknurse is a low bandwidth ICMP attack that is capable of doing denial
+of service to well known firewalls.")
+      (license license:bsd-2))))
-- 
2.15.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [bug#29528] Add blacknurse
  2017-11-30 19:42 [bug#29528] Add blacknurse ng0
@ 2017-12-03 23:00 ` Ricardo Wurmus
  2017-12-03 23:49   ` ng0
  2017-12-04  8:41   ` Ludovic Courtès
  0 siblings, 2 replies; 7+ messages in thread
From: Ricardo Wurmus @ 2017-12-03 23:00 UTC (permalink / raw)
  To: ng0; +Cc: 29528


Hi ng0,

> +(define-public blacknurse
> +  (let* ((commit "d2a2b23544295844714ebf8d2d78af37fe5770c9")
> +         (revision "1"))
> +    (package
> +      (name "blacknurse")
> +      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
> +      (source
> +       (origin
> +         (method git-fetch)
> +         (uri (git-reference
> +               (url "https://github.com/jedisct1/blacknurse")
> +               (commit commit)))
> +         (file-name (string-append name "-" version))

This should be “(file-name (string-append name "-" version "-checkout"))”.

> +         (sha256
> +          (base32
> +           "1w7zmcrnrs4p4naj3i6h1wcmd56dgrfd7myx0ljhw162sg0134nz"))))
> +      (build-system gnu-build-system)
> +      (arguments
> +       `(#:make-flags (list "CC=gcc")
> +         #:tests? #f ; No tests
> +         #:phases
> +         (modify-phases %standard-phases
> +           (delete 'configure) ; No configure script
> +           (replace 'install
> +             (lambda* (#:key outputs #:allow-other-keys)
> +               (let* ((out (assoc-ref outputs "out"))
> +                      (bin (string-append out "/bin")))
> +                 (install-file "blacknurse" bin)))))))

This should end on #t.

> +      (home-page "https://github.com/jedisct1/blacknurse")
> +      (synopsis "Proof of Concept for the Blacknurse attack")
> +      (description
> +       "Simple Proof of Concept for the Blacknurse attack.
> +Blacknurse is a low bandwidth ICMP attack that is capable of doing denial
> +of service to well known firewalls.")

The first fragment is not a full sentence.

Looking at this package I wonder why it should be part of Guix as it is
merely malware.  I don’t see any reason why this should be installable
through Guix.  We are not in the habit of providing packages for
exploits.  Putting it in “networking” makes it seem like this would be a
useful networking application, but it really is not.  It just
demonstrates a bug in networked devices.

@Ludo: what do you think?

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [bug#29528] Add blacknurse
  2017-12-03 23:00 ` Ricardo Wurmus
@ 2017-12-03 23:49   ` ng0
  2017-12-04 18:24     ` Leo Famulari
  2017-12-04  8:41   ` Ludovic Courtès
  1 sibling, 1 reply; 7+ messages in thread
From: ng0 @ 2017-12-03 23:49 UTC (permalink / raw)
  To: Ricardo Wurmus; +Cc: 29528

[-- Attachment #1: Type: text/plain, Size: 3326 bytes --]

Ricardo Wurmus transcribed 2.1K bytes:
> 
> Hi ng0,
> 
> > +(define-public blacknurse
> > +  (let* ((commit "d2a2b23544295844714ebf8d2d78af37fe5770c9")
> > +         (revision "1"))
> > +    (package
> > +      (name "blacknurse")
> > +      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
> > +      (source
> > +       (origin
> > +         (method git-fetch)
> > +         (uri (git-reference
> > +               (url "https://github.com/jedisct1/blacknurse")
> > +               (commit commit)))
> > +         (file-name (string-append name "-" version))
> 
> This should be “(file-name (string-append name "-" version "-checkout"))”.
> 
> > +         (sha256
> > +          (base32
> > +           "1w7zmcrnrs4p4naj3i6h1wcmd56dgrfd7myx0ljhw162sg0134nz"))))
> > +      (build-system gnu-build-system)
> > +      (arguments
> > +       `(#:make-flags (list "CC=gcc")
> > +         #:tests? #f ; No tests
> > +         #:phases
> > +         (modify-phases %standard-phases
> > +           (delete 'configure) ; No configure script
> > +           (replace 'install
> > +             (lambda* (#:key outputs #:allow-other-keys)
> > +               (let* ((out (assoc-ref outputs "out"))
> > +                      (bin (string-append out "/bin")))
> > +                 (install-file "blacknurse" bin)))))))
> 
> This should end on #t.
> 
> > +      (home-page "https://github.com/jedisct1/blacknurse")
> > +      (synopsis "Proof of Concept for the Blacknurse attack")
> > +      (description
> > +       "Simple Proof of Concept for the Blacknurse attack.
> > +Blacknurse is a low bandwidth ICMP attack that is capable of doing denial
> > +of service to well known firewalls.")
> 
> The first fragment is not a full sentence.
> 
> Looking at this package I wonder why it should be part of Guix as it is
> merely malware.  I don’t see any reason why this should be installable
> through Guix.  We are not in the habit of providing packages for
> exploits.  Putting it in “networking” makes it seem like this would be a
> useful networking application, but it really is not.  It just
> demonstrates a bug in networked devices.
> 
> @Ludo: what do you think?
> 
> --
> Ricardo
> 
> GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
> https://elephly.net

To some extent I agree, I'm just probing where we draw the
line in pen-testing software.
I have a repository for those, and I'll add a comment to
get an idea for what we decide on. blacknurse for me
was a grey area in a new class of pen-testing software
I haven't sent before.
Software written with malicious intentions or such that
can be interpreted / used with those has a broad range,
some of it will be okay for us in Guix, some of it won't
be okay.
I draw the line at explicitly malicious. Blacknurse was
kinda okay for me, but I think your comment is enough
to let me put it in the case-by-case 'malicious' category.
Runs an PoC exploit targeted at launching an attack against
unpatched firewalls -> bad.

Eventually this should help getting a list of example
software we will not accept in Guix, if someone else
tries.
-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
  WWW: https://n0.is

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [bug#29528] Add blacknurse
  2017-12-03 23:00 ` Ricardo Wurmus
  2017-12-03 23:49   ` ng0
@ 2017-12-04  8:41   ` Ludovic Courtès
  2017-12-04 16:18       ` bug#29528: " ng0
  1 sibling, 1 reply; 7+ messages in thread
From: Ludovic Courtès @ 2017-12-04  8:41 UTC (permalink / raw)
  To: Ricardo Wurmus; +Cc: 29528

Hi,

Ricardo Wurmus <rekado@elephly.net> skribis:

>> +      (home-page "https://github.com/jedisct1/blacknurse")
>> +      (synopsis "Proof of Concept for the Blacknurse attack")
>> +      (description
>> +       "Simple Proof of Concept for the Blacknurse attack.
>> +Blacknurse is a low bandwidth ICMP attack that is capable of doing denial
>> +of service to well known firewalls.")
>
> The first fragment is not a full sentence.
>
> Looking at this package I wonder why it should be part of Guix as it is
> merely malware.  I don’t see any reason why this should be installable
> through Guix.  We are not in the habit of providing packages for
> exploits.  Putting it in “networking” makes it seem like this would be a
> useful networking application, but it really is not.  It just
> demonstrates a bug in networked devices.
>
> @Ludo: what do you think?

Indeed.  I see two issues here:

  1. a “proof of concept” is typically something for experts of the
     field to study, rather than generally useful software;

  2. it’s a tool whose purpose is to perform DoS attacks on routers, and
     I find it questionable to provide it in Guix (not to mention that
     there’s no shortage of such programs that we could add!).

So overall I’m reluctant to including it in Guix.

Thoughts?

Ludo’.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [bug#29528] Add blacknurse
  2017-12-04  8:41   ` Ludovic Courtès
@ 2017-12-04 16:18       ` ng0
  0 siblings, 0 replies; 7+ messages in thread
From: ng0 @ 2017-12-04 16:18 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel, 29528-done

[-- Attachment #1: Type: text/plain, Size: 3694 bytes --]

Ludovic Courtès transcribed 1.4K bytes:
> Hi,
> 
> Ricardo Wurmus <rekado@elephly.net> skribis:
> 
> >> +      (home-page "https://github.com/jedisct1/blacknurse")
> >> +      (synopsis "Proof of Concept for the Blacknurse attack")
> >> +      (description
> >> +       "Simple Proof of Concept for the Blacknurse attack.
> >> +Blacknurse is a low bandwidth ICMP attack that is capable of doing denial
> >> +of service to well known firewalls.")
> >
> > The first fragment is not a full sentence.
> >
> > Looking at this package I wonder why it should be part of Guix as it is
> > merely malware.  I don’t see any reason why this should be installable
> > through Guix.  We are not in the habit of providing packages for
> > exploits.  Putting it in “networking” makes it seem like this would be a
> > useful networking application, but it really is not.  It just
> > demonstrates a bug in networked devices.
> >
> > @Ludo: what do you think?
> 
> Indeed.  I see two issues here:
> 
>   1. a “proof of concept” is typically something for experts of the
>      field to study, rather than generally useful software;

Hm... We have some proof of work implementations of software in Guix
I think. In addition I'd think that there are many more professionals
only software. So PoC as an issues is a non-issue to me as long as it
works.

>   2. it’s a tool whose purpose is to perform DoS attacks on routers, and
>      I find it questionable to provide it in Guix (not to mention that
>      there’s no shortage of such programs that we could add!).

And this is the real issue. I fully agree with the statements and
views on this software made by Ricardo and yourself.
I'm taking most of these software from BlackArch, Kali and
other distro-builder distros targeted at pen-testing professionals
in addition to the commercial solutions.
Some of these don't even have license statements, I had chats with
BlackArch to correct a large batch of their own script'ish software.

> So overall I’m reluctant to including it in Guix.
> 
> Thoughts?
> 
> Ludo’.

I haven't read the Documentation in a while, but do we define anything
besides the requirement that a software needs to fit into the GNU FSDG?
I mean more specifically, do we want to come up with a definition for
software (such as this) that won't be included at all, or do we decide
individually per case?
I myself now know what we have agreed upon here, I just don't know if
it would make more sense to define it in the Handbook.
There's a whole lot of software similar to this out there.
For example:
I have a collection of isolated viruses somewhere that is intended for
study only. Of course I know this is definitely not something we should
distribute in master, but there are certain cases where people wouldn't
know wether this is okay to distribute from the official side or not.

In addition to my main projects I'm lowkey working on some kind of
pen-testing repository, so that it can serve as a base for a flavor
of my mechanism for custom distro building automation. Based on the
general mechanism of creating official flavors I could test the ability
to extend on this with for example the theme of pen-testing.
Some of the software can find it way into Guix (some already has),
a large amount of it won't (for obvious reasons).

I'm CC'ing devel and closing this bug, so that we can discuss - if
necessary - the problem of pointing out software like this in and their
restriction in the Handbook.

Thanks,
N.
-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
  WWW: https://n0.is

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* bug#29528: Add blacknurse
@ 2017-12-04 16:18       ` ng0
  0 siblings, 0 replies; 7+ messages in thread
From: ng0 @ 2017-12-04 16:18 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: Ricardo Wurmus, guix-devel, 29528-done

[-- Attachment #1: Type: text/plain, Size: 3694 bytes --]

Ludovic Courtès transcribed 1.4K bytes:
> Hi,
> 
> Ricardo Wurmus <rekado@elephly.net> skribis:
> 
> >> +      (home-page "https://github.com/jedisct1/blacknurse")
> >> +      (synopsis "Proof of Concept for the Blacknurse attack")
> >> +      (description
> >> +       "Simple Proof of Concept for the Blacknurse attack.
> >> +Blacknurse is a low bandwidth ICMP attack that is capable of doing denial
> >> +of service to well known firewalls.")
> >
> > The first fragment is not a full sentence.
> >
> > Looking at this package I wonder why it should be part of Guix as it is
> > merely malware.  I don’t see any reason why this should be installable
> > through Guix.  We are not in the habit of providing packages for
> > exploits.  Putting it in “networking” makes it seem like this would be a
> > useful networking application, but it really is not.  It just
> > demonstrates a bug in networked devices.
> >
> > @Ludo: what do you think?
> 
> Indeed.  I see two issues here:
> 
>   1. a “proof of concept” is typically something for experts of the
>      field to study, rather than generally useful software;

Hm... We have some proof of work implementations of software in Guix
I think. In addition I'd think that there are many more professionals
only software. So PoC as an issues is a non-issue to me as long as it
works.

>   2. it’s a tool whose purpose is to perform DoS attacks on routers, and
>      I find it questionable to provide it in Guix (not to mention that
>      there’s no shortage of such programs that we could add!).

And this is the real issue. I fully agree with the statements and
views on this software made by Ricardo and yourself.
I'm taking most of these software from BlackArch, Kali and
other distro-builder distros targeted at pen-testing professionals
in addition to the commercial solutions.
Some of these don't even have license statements, I had chats with
BlackArch to correct a large batch of their own script'ish software.

> So overall I’m reluctant to including it in Guix.
> 
> Thoughts?
> 
> Ludo’.

I haven't read the Documentation in a while, but do we define anything
besides the requirement that a software needs to fit into the GNU FSDG?
I mean more specifically, do we want to come up with a definition for
software (such as this) that won't be included at all, or do we decide
individually per case?
I myself now know what we have agreed upon here, I just don't know if
it would make more sense to define it in the Handbook.
There's a whole lot of software similar to this out there.
For example:
I have a collection of isolated viruses somewhere that is intended for
study only. Of course I know this is definitely not something we should
distribute in master, but there are certain cases where people wouldn't
know wether this is okay to distribute from the official side or not.

In addition to my main projects I'm lowkey working on some kind of
pen-testing repository, so that it can serve as a base for a flavor
of my mechanism for custom distro building automation. Based on the
general mechanism of creating official flavors I could test the ability
to extend on this with for example the theme of pen-testing.
Some of the software can find it way into Guix (some already has),
a large amount of it won't (for obvious reasons).

I'm CC'ing devel and closing this bug, so that we can discuss - if
necessary - the problem of pointing out software like this in and their
restriction in the Handbook.

Thanks,
N.
-- 
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://c.n0.is/ng0_pubkeys/tree/keys
  WWW: https://n0.is

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* [bug#29528] Add blacknurse
  2017-12-03 23:49   ` ng0
@ 2017-12-04 18:24     ` Leo Famulari
  0 siblings, 0 replies; 7+ messages in thread
From: Leo Famulari @ 2017-12-04 18:24 UTC (permalink / raw)
  To: ng0; +Cc: Ricardo Wurmus, 29528

[-- Attachment #1: Type: text/plain, Size: 276 bytes --]

On Sun, Dec 03, 2017 at 11:49:10PM +0000, ng0 wrote:
> To some extent I agree, I'm just probing where we draw the
> line in pen-testing software.

Okay, that makes sense. I think the best approach is to simply start the
discussion instead of sending a patch to add a package.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2017-12-04 18:25 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-11-30 19:42 [bug#29528] Add blacknurse ng0
2017-12-03 23:00 ` Ricardo Wurmus
2017-12-03 23:49   ` ng0
2017-12-04 18:24     ` Leo Famulari
2017-12-04  8:41   ` Ludovic Courtès
2017-12-04 16:18     ` ng0
2017-12-04 16:18       ` bug#29528: " ng0

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.