[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#325824: (no subject)

Hi Paul
Thanks for your commentaries, with respect to that, I textually
mention the author:

"The sscanf issues should be of no danger, as the data they are parsing
is regulated by the kernel / proc fs, and the maximum size of the data
is static, and known on forehand. (In other words, the sscanf's in the
proc parsing code cannot be overflowed AFAIK). I will, however, fix the
sscanf statements so that they don't look like possible errors.

As for circumventing the system, that is possible. As with most systems,
security related or otherwise, there is allways a possible way of
circumventing it. That is the reason for recommending the use of e.g.
kernel hardening patches such as grsecurity. Ninja's strenght lies in the
fact that the attacker generally shouldn't know that ninja is running
on the system. However, I try to make it a tight and secure as I can,
and I will try to fix any problems that are brought to my attention."

It seems that there are no serious conflicts that could affect the


 .''`.    William Vera <billy@billy.com.mx>
: :'  :   PGP Key: 1024D/F5CC22A4
`. `'`    Fingerprint: 3E73 FA1F 5C57 6005 0439  4D75 1FD2 BF96 F5CC 22A4

Reply to: