Date: Fri, 26 Feb 1999 09:49:27 -0800
From: Ryan Russell <Ryan_Russell@SYBASE.COM>
Subject: Re: Buffer Overflow in Super (new)
To: BUGTRAQ@NETSPACE.ORG

>In sum, items (i) and (ii) ensure that users can't create buffer overflows
>from the command line. Item (iii) is insurance that users can't
>pass strings that might be confusing to super in some other, unanticipated
>manner. Item (iv) avoids buffer overflows from user-supplied super.tab
>files.
>
>With apologies for the inconvenience to all,
>
>-Will

If any software producers (commercial or freeware) on this list are paying attention: I don't think I've ever seen a better response by an author to someone finding a hole in his/her program. He did a review of his whole product, closed down potential holes, did it within a very short period of time, then apologized. Will, with a response like yours, no apology is necessary. Thank you for an excellent example of how to handle this type of situation.

Ryan