> I am curious why these Lynx bugs are being reported to bugtraq, but not
> to the developers of Lynx. Likewise for bugs in anything else. Please
> have the courtesy to report them to the people who should be fixing
> them!

I have a very different take on all this.

Any software group shipping a piece of software today for which they have not put even a minimal amount of effort at fixing the buffer overflows ... isn't going to get much help from this community (or from me).

A lot of these groups appear to be asking for messages telling them where the bugs are. Do they want messages like "Oh, I found one exploitable hole in about 4 minutes of searching, but I have not looked at the other 180 blatantly obvious buffer overflows I saw; perhaps after you make your next release I'll spend another 4 minutes and find another one"?

I wish these software groups would put some effort into writing quality code. If you can't or won't go into your own code and properly constrain your memory accesses to the intended object, what kind of programmers are you anyways? Unbounded memory access problems are TRIVIAL to find and TRIVIAL to fix, and the only reason this issue keeps coming up is because there's a hell of a lot of really LAZY people out there.

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:52:44 PDT