Re: Buffer Overflow in Super (new)

From: Ryan Russell (Ryan_Russellat_private)
Date: Fri Feb 26 1999 - 09:49:27 PST

    >In sum, items (i) and (ii) ensure that users can't create buffer overflows
    >from the command line.  Item (iii) is insurance that users can't
    >pass strings that might be confusing to super in some other, unanticipated
    >manner.  Item (iv) avoids buffer overflows from user-supplied super.tab
    >files.
    >
    >With apologies for the inconvenience to all,
    >
    >-Will
    
    If any software producers (commercial or freeware) on this list
    are paying attention:
    
    I don't think I've ever seen a better response by an author to someone
    finding a hole in his/her program.
    
    He did a review of his whole product, closed down potential holes,
    did it within a very short period of time, then apologized.
    
    Will, with a response like yours, no apology is necessary.  Thank
    you for an excellent example of how to handle this type of situation.
    
                             Ryan
    