Fedora bars SQLNinja hack tool

Fedora Project leaders have banned a popular penetration-testing tool from their repository out of concern it could saddle the organization with legal burdens. The move came on Monday in a unanimous vote by the Fedora Project's board of directors rejecting a request that SQLNinja be added to the archive of open-source …

COMMENTS

This topic is closed for new posts.

lord

deliver me from

./configure

make

make install

3
0

Whoa, way too much effort

I'll stick to:

wget http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm

wget http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm

rpm -Uvh rpmfusion-free-release-stable.noarch.rpm

rpm -Uvh rpmfusion-nonfree-release-stable.noarch.rpm

yum install sqlninja

0
0

lord answers your prayer

Indeed you don't have to compile anything, it seems. It's a perl script.

0
0

Fedora does what it has to...

because strutting politicians are stinking things up relentlessly, believing that draconian laws will make the world a happy place full of smiles, candy, fluffy animals and well-ironed uniforms.

This will go on until only criminals and three-letter agencies have dual-use tools and then we are truly owned.

1
0

@Destroy All Monsters

No need to get melodramatic...

SQLNinja only tests SQL injection on MS-SQL servers. Which isn't something that is even available on Fedora. So why include it as a Fedora package?

If you don't want criminals and three-letter agencies to own your data, make it secure to begin. Just like the Google streetview war driving scandal. Everyone is outraged by what Google did, but no one seems a bit concerned that those APs are wide open, and are still open today.

0
1

Yeah, right.

Anyone who believes penetration testers and security professionals are not capable of downloading and installing the utility themselves, is truly living in la-la land.

0
0

Well done!

Never heard of it before but now I want to know more and I might just be installing it, manually of course, into my testbed Fedora VM!

0
0

This post has been deleted by a moderator

The point is

Not to remove it from use, but remove Fedora's liability if it's used illegally.

Of course you can still install it manually, but now Fedora can say they do not condone it.

Lawyers are not always stupid, imagine if Microsoft decided to get legal after a few high profile attacks on SQL Server and sued Fedora for making the tool available.

They might not win, but they could bankrupt the open source competition.

0
0

No surprise

If a distro feels liable to distribute some unlawful packages in some jurisdictions, there's no surprise to not distribute this kind of stuff, no?

0
0

The simple solution

Tell Alberto Revelli to rewrite SQLNinja in security-prevention terms (e.g. "identifies SQL injection vulnerabilities" versus "get root on remote systems") and the problem is solved.

0
0

@Author

Axe to grind much?

SQLNinja is marketed as more of a skiddie tool than a pentest tool - describing it as "a popular penetration-testing tool" is rather disingenuous. Sure, it /can/ be used for that, but that's not how it's marketed, and it's hardly popular among security professionals.

Fedora does not package every single piece of FOSS GNU/Linux software in the world, and does not aim to. All I see is an author with some sort of personal problem here.

0
0