Re: exploitable code? - Stephen Satchell

linux-c-programming.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Stephen Satchell <list@fluent2.pyramid.net>
To: xjnfx@doityourself.com, linux-c-programming@vger.kernel.org
Subject: Re: exploitable code?
Date: Sun, 30 Jun 2002 21:44:12 -0700	[thread overview]
Message-ID: <5.1.0.14.0.20020630214141.00a96040@fluent2.pyramid.net> (raw)
In-Reply-To: <20020701033859.B54653ECC@sitemail.everyone.net>

At 08:38 PM 6/30/02 -0700, jnf wrote:
>hi, ive got a question, is this code exploitable?
>
>int main(int argc, char **argv) {
>char buf[256];
>
>strcpy(buf,argv[1]);
>exit(1);
>}
>
>everything i read says yes, but i cant seem to get it. I don't see any way 
>of overwriting esp for ret, so as far as i can tell i must go into the 
>exit function, and exit comes before leave, so i cant land to arb. code. 
>So am I just dumb, or am I playing with code that isnt exploitable?
>
>fyi, this isnt an actual program but a program created for educational 
>purposes.
>thx

The exit function may well be a "long jump" that uses the return value for 
the function "main" as its target.  Therefore, when the exploiting code 
overwrites the return address for "main" the "exit" call will use the 
overwritten value.

Too bad people aren't required as a matter of course to look at the 
assembler output of code from compilers anymore.  You learn a lot seeing 
how your statements get translated to machine code.

Satch

next prev parent reply	other threads:[~2002-07-01  4:44 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2002-07-01  3:38 exploitable code? jnf
2002-07-01  4:44 ` Stephen Satchell [this message]
2002-07-01  6:45 ` Glynn Clements
  -- strict thread matches above, loose matches on Subject: below --
2002-07-01  4:52 jnf

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5.1.0.14.0.20020630214141.00a96040@fluent2.pyramid.net \
    --to=list@fluent2.pyramid.net \
    --cc=linux-c-programming@vger.kernel.org \
    --cc=xjnfx@doityourself.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).