From: Trano <Trano@gmx.net>
> Does this "exit(1)" really prevents the program from being exploited?
Yes. You need to return from the current function for the return address
to be used.
#include <string.h>
int main(int argc, char **argv)
{
char buf[100+1]; // + NULL
if (argc>1) strcpy(buf, argv[1]);
/* strncpy(argv[1], buf, 100); */
/* return from function is implied */
}
./a.out `perl -e 'print "a"x200'`
a.out[31618]: Immunix SG 2.0 canary = aff0d died with cadaver 61616161
in procedure main.
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
