On Tue, 12 Feb 2002, Gerardo Richarte wrote:

> Claes Nyberg wrote:
>
> > $ cat test.c
> > int main(int argc,char *argv[]) {
> >     char buf[256];
> >
> >     strcpy(buf,argv[1]);
> >     exit(1);
> > }
>
> isn't that source missing a few lines at the top? :)
> oh, it's not the original, argc and argv are "wrong"!
>
> you already got some good answers, so i'll just add one question for you:
>
> what does exit() return? tricky question don't you think?
>
> gera
>
> PS: Anyway, don't always believe what everybody said... there are situations where it is
> exploitable... different platforms, different architectures maybe. And I've seen really
> creative answers to the problem too
>

It is exploitable under HP-UX PA-RISC 1.1 at least...

Check: http://www.phrack.org/show.php?p=58&a=11

Zhodiac

This archive was generated by hypermail 2b30 : Thu Feb 14 2002 - 10:45:17 PST