Bugtraq mailing list archives
Re: Buffer Overflow in Super (new)
From: Ryan_Russell () SYBASE COM (Ryan Russell)
Date: Fri, 26 Feb 1999 09:49:27 -0800
In sum, items (i) and (ii) ensure that users can't create buffer overflows from the command line. Item (iii) is insurance that users can't pass strings that might be confusing to super in some other, unanticipated manner. Item (iv) avoids buffer overflows from user-supplied super.tab files. With apologies for the inconvenience to all, -Will
If any software producers (commercial or freeware) on this list are paying attention: I don't think I've ever seen a better response by an author to someone finding a hole in his/her program. He did a review of his whole product, closed down potential holes, did it within a very short period of time, then apologized. Will, with a response like yours, no apology is neccessary. Thank you for an excellent example of how to handle this type of situation. Ryan
Current thread:
- Buffer Overflow in Super (new) William Deich (Feb 26)
- <Possible follow-ups>
- Re: Buffer Overflow in Super (new) Ryan Russell (Feb 26)