Hi Paul Thanks for your commentaries, with respect to that, I textually mention the author:
"The sscanf issues should be of no danger, as the data they are parsing is regulated by the kernel / proc fs, and the maximum size of the data is static, and known on forehand. (In other words, the sscanf's in the proc parsing code cannot be overflowed AFAIK). I will, however, fix the sscanf statements so that they don't look like possible errors. As for circumventing the system, that is possible. As with most systems, security related or otherwise, there is allways a possible way of circumventing it. That is the reason for recommending the use of e.g. kernel hardening patches such as grsecurity. Ninja's strenght lies in the fact that the attacker generally shouldn't know that ninja is running on the system. However, I try to make it a tight and secure as I can, and I will try to fix any problems that are brought to my attention." It seems that there are no serious conflicts that could affect the security Regards! -- .''`. William Vera <[EMAIL PROTECTED]> : :' : PGP Key: 1024D/F5CC22A4 `. `'` Fingerprint: 3E73 FA1F 5C57 6005 0439 4D75 1FD2 BF96 F5CC 22A4 `- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
