[9796] in bugtraq

Re: Buffer Overflow in Super (new)

daemon@ATHENA.MIT.EDU (Ryan Russell)
Fri Feb 26 13:31:18 1999

Date: 	Fri, 26 Feb 1999 09:49:27 -0800
Reply-To: Ryan Russell <Ryan_Russell@SYBASE.COM>
From: Ryan Russell <Ryan_Russell@SYBASE.COM>
X-To:         William Deich <will@UCOLICK.ORG>
To: BUGTRAQ@NETSPACE.ORG

>In sum, items (i) and (ii) ensure that users can't create buffer overflows
>from the command line.  Item (iii) is insurance that users can't
>pass strings that might be confusing to super in some other, unanticipated
>manner.  Item (iv) avoids buffer overflows from user-supplied super.tab
>files.
>
>With apologies for the inconvenience to all,
>
>-Will

If any software producers (commercial or freeware) on this list
are paying attention:

I don't think I've ever seen a better response by an author to someone
finding a hole in his/her program.

He did a review of his whole product, closed down potential holes,
did it within a very short period of time, then apologized.

Will, with a response like yours, no apology is necessary.  Thank
you for an excellent example of how to handle this type of situation.

                         Ryan
