Re: Buffer Overflow in Super (new)
Ryan Russell (Ryan_Russell SYBASE.COM)
Fri, 26 Feb 1999 09:49:27 -0800
- Maybe in reply to: William Deich: "Buffer Overflow in Super (new)"
>In sum, items (i) and (ii) ensure that users can't create buffer overflows
>from the command line. Item (iii) is insurance that users can't
>pass strings that might be confusing to super in some other, unanticipated
>manner. Item (iv) avoids buffer overflows from user-supplied super.tab
>files.
>
>With apologies for the inconvenience to all,
>
>-Will
If any software producers (commercial or freeware) on this list
are paying attention:
I don't think I've ever seen a better response by an author to someone
finding a hole in his/her program.
He did a review of his whole product, closed down potential holes,
did it within a very short period of time, then apologized.
Will, with a response like yours, no apology is necessary. Thank
you for an excellent example of how to handle this type of situation.
Ryan