[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#325824: issues with ninja


Some comments some people had on irc.

<pabs> ooh: bugs.debian.org/325824
<person1> pabs: nice tool
<pabs> indeed
<person2> hmm, that's kind of super trivial to defeat
<person2> heh it has off-by-one buffer overflows all over the place too
because they don't understand how to use field width in sscanf()
<person3> heh
* person3 prefers openbsd's approach with systrace
<person4> still, it can break a lot of script-kiddie toolkits
<person3> out of interest, what happens if you modify your euid/egid to
a permitted user, and then step to root?
<person2> Then you win and the ninja loses, you need to set the real uid
* person3 nods
<pabs> person2: care to mail the ITP about those issues?
<pabs> 325824@bugs.debian.org
<person2> What's the ITP?
<pabs> sorry, intent to package
<person2> Well, the overflows look harmless
<person2> If you set your process name to something that is 32
characters long it will write a NULL byte into the next array but the
array isn't used for anything
<person2> The other overflows are in config parsing so they don't matter
<pabs> still, be good to give the packager a heads up about the coding
quality of it
<person2> I would feel silly pointing out the small harmless mistakes
without commenting on how worthless I think the main idea is
<pabs> do that too
<person2> That's a lot more work
<person2> when I don't even use debian
<person2> Plus I have a vested interest in keeping linux lame so I can
continue to whine and complain about it :-)
<pabs> hhehe

Anyway, in short, these buffer overflows should be fixed before it
enters debian in order to save the security team from doing it later
(even if they are harmless). Not sure what was meant by "super trivial
to defeat", I spose that this should be fixed too if it is actually an



Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: