
Bug#325824: issues with ninja



Hi,

Some comments some people had on irc.

<pabs> ooh: bugs.debian.org/325824
<person1> pabs: nice tool
<pabs> indeed
<person2> hmm, that's kind of super trivial to defeat
<person2> heh it has off-by-one buffer overflows all over the place too
because they don't understand how to use field width in sscanf()
<person3> heh
* person3 prefers openbsd's approach with systrace
<person4> still, it can break a lot of script-kiddie toolkits
<person3> out of interest, what happens if you modify your euid/egid to
a permitted user, and then step to root?
<person2> Then you win and the ninja loses, you need to set the real uid
though
* person3 nods
<pabs> person2: care to mail the ITP about those issues?
<pabs> 325824@bugs.debian.org
<person2> What's the ITP?
<pabs> sorry, intent to package
<person2> Well, the overflows look harmless
<person2> If you set your process name to something that is 32
characters long it will write a NULL byte into the next array but the
array isn't used for anything
<person2> The other overflows are in config parsing so they don't matter
either
<pabs> still, be good to give the packager a heads up about the coding
quality of it
<person2> I would feel silly pointing out the small harmless mistakes
without commenting on how worthless I think the main idea is
<pabs> do that too
<person2> That's a lot more work
<person2> when I don't even use debian
<person2> Plus I have a vested interest in keeping linux lame so I can
continue to whine and complain about it :-)
<pabs> hhehe

Anyway, in short, these buffer overflows should be fixed before it
enters debian in order to save the security team from doing it later
(even if they are harmless). Not sure what was meant by "super trivial
to defeat", I suppose that this should be fixed too if it is actually an
issue.

-- 
bye,
pabs

http://qa.debian.org/developer.php?login=Paul+Wise&comaint=yes
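The sscanf() field-width mistake discussed above, shown as a constructed example that is not code from ninja or from the bug report: a "%32s" conversion into a 32-byte array stores 32 characters plus the terminating NUL, so a 32-character token writes one byte past the array. The demonstration uses an oversized buffer with a sentinel fill so the stray byte is measured without touching memory out of bounds, and parse_name() is an assumed hardened replacement that rejects over-long tokens instead of truncating them.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define FIELD 32   /* size of the destination array, the "32 characters" case from the log */
#define SLACK 32   /* extra room so the demonstration itself stays in bounds */

/* Constructed input: a 32-character token, built by concatenation to make the count obvious. */
static const char LONG_NAME[] = "AAAAAAAA" "AAAAAAAA" "AAAAAAAA" "AAAAAAAA";

/* Parse `input` with `fmt` into the first FIELD bytes of a larger sentinel-filled
   buffer and return how many bytes beyond the FIELD-byte region were modified. */
static size_t bytes_past_field(const char *fmt, const char *input) {
    unsigned char buf[FIELD + SLACK];
    size_t i, n = 0;
    memset(buf, 0xAA, sizeof buf);                 /* sentinel: untouched bytes keep 0xAA */
    if (sscanf(input, fmt, (char *)buf) != 1)
        return 0;
    for (i = FIELD; i < sizeof buf; i++)
        if (buf[i] != 0xAA)
            n++;
    return n;
}

/* "%32s" into a 32-byte array: the NUL lands at index 32, one byte past the end. */
int overflow_bytes_with_width_32(void) { return (int)bytes_past_field("%32s", LONG_NAME); }

/* "%31s" leaves room for the terminator: nothing written past the array. */
int overflow_bytes_with_width_31(void) { return (int)bytes_past_field("%31s", LONG_NAME); }

/* Hardened parse (assumed replacement): scan into a temporary that has room for
   width + NUL, then refuse any token that would not fit in `out` rather than
   silently truncating it. Returns 0 on success, -1 on parse failure or over-long token. */
int parse_name(const char *line, char out[FIELD]) {
    char tmp[FIELD + 1];                           /* width 32 plus NUL fits exactly */
    if (sscanf(line, "%32s", tmp) != 1)
        return -1;
    if (strlen(tmp) > FIELD - 1)                   /* 32 chars read: token is too long */
        return -1;
    memcpy(out, tmp, strlen(tmp) + 1);
    return 0;
}

int main(void) {
    char out[FIELD];
    printf("%%32s writes %d byte(s) past a 32-byte array\n", overflow_bytes_with_width_32());
    printf("%%31s writes %d byte(s) past a 32-byte array\n", overflow_bytes_with_width_31());
    printf("parse_name(long token) = %d\n", parse_name(LONG_NAME, out));
    return 0;
}
```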
