linux-c-programming.vger.kernel.org archive mirror
From: Marius Nita <marius@cs.pdx.edu>
To: ashtrax <xlp@emtel.net.co>
Cc: linux-c-programming@vger.kernel.org
Subject: Re: A exploitable C program
Date: Mon, 15 Jul 2002 10:41:01 -0700
Message-ID: <20020715104101.A23326@cs.pdx.edu>
In-Reply-To: <20020712153007.B39369@nietzsche.metrotel.net.co>; from xlp@emtel.net.co on Fri, Jul 12, 2002 at 03:30:07PM -0500

On Fri, Jul 12, 2002 at 03:30:07PM -0500, ashtrax wrote:
> Hi, each time I ask about this topic I am told to read that document. I have read it several times but I don't understand the concepts.
>

You need to get some basic knowledge of how a computer functions and how Unix
processes are mapped in memory. (Some of this is explained in that buffer
overflow document.)

The basic idea is that if your program is not sane enough to check for
boundaries on static and dynamic arrays, it could be forced to write past the
end of an array. Since memory is linear (you can think of memory as a big long
row of bytes) there could be important stuff past the end of that array, such
as the return address of a function. If you overwrite that with another
address, you could cause that function to return to some other random place,
which you can use to manipulate the program in malicious ways.

In a nutshell, a buffer overflow is writing past the end of an array. (You say
int foo[4]; and sometime later you say *(foo + 4) = blah;)

A good way to avoid overflows is to use a memory debugger. (Valgrind is an
excellent one.)
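
The int foo[4] case from the message above, as an added example that is not part of the original e-mail: a bounds-checked store that refuses index 4 and leaves the object declared after the array untouched. The struct layout and the names frame, neighbour, checked_store, overflow_is_refused and last_slot_is_accepted are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define FOO_LEN 4

/* Constructed layout: an array with another object declared after it,
   standing in for the "important stuff" that sits past the array. */
struct frame {
    int foo[FOO_LEN];
    int neighbour;
};

/* Write value to arr[index] only when index is inside the array.
   Returns 0 on success, -1 when the write would go out of bounds. */
int checked_store(int *arr, size_t len, size_t index, int value)
{
    if (arr == NULL || index >= len)
        return -1;
    arr[index] = value;
    return 0;
}

/* Try the message's off-by-one index (FOO_LEN) through the checked path.
   Returns 1 if the write was refused and the neighbour is untouched. */
int overflow_is_refused(void)
{
    struct frame f = { {0, 0, 0, 0}, 0x5AFE };
    int rc = checked_store(f.foo, FOO_LEN, FOO_LEN, 99);
    return rc == -1 && f.neighbour == 0x5AFE;
}

/* The last valid index is FOO_LEN - 1. Returns 1 if that store lands
   in the array and leaves the neighbour alone. */
int last_slot_is_accepted(void)
{
    struct frame f = { {0, 0, 0, 0}, 0x5AFE };
    int rc = checked_store(f.foo, FOO_LEN, FOO_LEN - 1, 7);
    return rc == 0 && f.foo[FOO_LEN - 1] == 7 && f.neighbour == 0x5AFE;
}

int main(void)
{
    printf("neighbour starts %lu bytes after foo[0]\n",
           (unsigned long)offsetof(struct frame, neighbour));
    printf("foo[4] refused: %d, foo[3] accepted: %d\n",
           overflow_is_refused(), last_slot_is_accepted());
    return 0;
}
```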

