
Bug#325824: (no subject)



Hi Paul
Thanks for your comments. With respect to that, I quote the author
verbatim:

"The sscanf issues should be of no danger, as the data they are parsing
is regulated by the kernel / proc fs, and the maximum size of the data
is static, and known beforehand. (In other words, the sscanf's in the
proc parsing code cannot be overflowed AFAIK). I will, however, fix the
sscanf statements so that they don't look like possible errors.

As for circumventing the system, that is possible. As with most systems,
security related or otherwise, there is always a possible way of
circumventing it. That is the reason for recommending the use of e.g.
kernel hardening patches such as grsecurity. Ninja's strength lies in the
fact that the attacker generally shouldn't know that ninja is running
on the system. However, I try to make it as tight and secure as I can,
and I will try to fix any problems that are brought to my attention."


It seems that there are no serious conflicts that could affect the
security.

Regards!

-- 
 .''`.    William Vera <billy@billy.com.mx>
: :'  :   PGP Key: 1024D/F5CC22A4
`. `'`    Fingerprint: 3E73 FA1F 5C57 6005 0439  4D75 1FD2 BF96 F5CC 22A4
  `-             
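
Added example, not part of the original message and not ninja's code: one way to parse the leading fields of a /proc/<pid>/stat line so that every conversion is visibly bounded, with numeric and single-character fields read through sscanf and the one string field copied only after an explicit length check. The struct, function name, buffer size and sample line are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define COMM_BUF 64   /* assumed buffer size for this example */

struct proc_stat {    /* hypothetical holder for the first four fields */
    int  pid;
    char comm[COMM_BUF];
    char state;
    int  ppid;
};

/* Parse "pid (comm) state ppid ..." from one stat line.
 * Returns 0 on success, -1 on malformed or oversized input. */
int parse_stat_line(const char *line, struct proc_stat *out)
{
    /* comm may itself contain spaces or ')', so delimit it with the
     * first '(' and the LAST ')' rather than an unbounded %s. */
    const char *lp = strchr(line, '(');
    const char *rp = strrchr(line, ')');
    if (!lp || !rp || rp < lp)
        return -1;

    size_t len = (size_t)(rp - lp - 1);
    if (len >= sizeof(out->comm))
        return -1;                 /* refuse instead of overflowing */

    if (sscanf(line, "%d", &out->pid) != 1)
        return -1;
    memcpy(out->comm, lp + 1, len);
    out->comm[len] = '\0';

    /* Fields after comm: one char and one int, both fixed-size targets. */
    if (sscanf(rp + 1, " %c %d", &out->state, &out->ppid) != 2)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample line; the comm field deliberately contains ") ". */
    const char *sample = "1234 (a b) c) S 1 1234 1234 0 -1";
    struct proc_stat ps;
    if (parse_stat_line(sample, &ps) == 0)
        printf("pid=%d comm=[%s] state=%c ppid=%d\n",
               ps.pid, ps.comm, ps.state, ps.ppid);
    return 0;
}
```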