TIL: You can make HTTP requests without curl using Bash /dev/TCP

Original Article ↗ Hacker News Discussion ↗

Feature Overview: Bash /dev/tcp and /dev/udp

  • Bash exposes special pseudo-paths /dev/tcp/host/port and /dev/udp/host/port that open TCP/UDP sockets.
  • This is a Bash (and historically KornShell) feature, not POSIX; dash and many other shells don’t support it, and some distros have compiled it out in the past.
  • It’s not a real device or filesystem like Plan 9’s /net; it’s an internal Bash mechanism.

Practical Uses and Tricks

  • Common use: quick intra-container connectivity or health checks when tools like curl, wget, nc, or telnet aren’t installed.
  • People use it in Docker HEALTHCHECKs, minimal images, CI/CD library containers, and locked-down environments.
  • Handy for simple port checks, basic HTTP GETs, port knocking, UDP “fire-and-forget” control messages, and one-off debugging.
  • Also used in penetration testing and CTFs when only a bare shell is available.

HTTP vs. TCP and Limitations

  • Several commenters stress that Bash only opens TCP; the user is manually speaking HTTP.
  • It works for trivial HTTP/1.0/1.1 requests but does not robustly handle redirects, proxies, encodings, or full HTTP parsing.
  • HTTPS, HTTP/2, and HTTP/3 are essentially out of scope; tools like curl, socat, openssl s_client, or proper libraries are recommended.
  • Using this as a general-purpose HTTP client is described as fragile and “toy-level.”

Minimal / Distroless Images and Debugging Trade-offs

  • Some advocate extremely minimal or FROM scratch images (often with statically linked binaries) to reduce CVE surface and compliance noise.
  • Others argue that omitting basic tools (curl, coreutils, editor, etc.) makes real-world debugging needlessly painful.
  • Suggested mitigations include debug/ephemeral containers, kubectl debug, nsenter + chroot, and attaching separate tool-rich environments.
  • Debate centers on whether security benefits outweigh operational friction, and whether this mainly addresses real attack surface or just security scanners.

Historical and Conceptual Context

  • Several reminisce about manually speaking protocols (HTTP, SMTP, POP3, IRC) over telnet or similar tools; this trick is seen as a modern variant.
  • Plan 9’s /net and Go’s networking APIs are mentioned as conceptual predecessors to this style of network-as-files design.