>#include <stdio.h>
>#include <stdlib.h>   /* exit() */
>#include <string.h>   /* strcpy() */
>
>int
>main(int argc, char **argv)
>{
> char buf[100];
> strcpy(buf, argv[1]);   /* unbounded copy of argv[1] into a 100-byte stack buffer */
> exit(1);
>}
>
>[--snip--]
>
>would not be exploitable because of the "exit(1)".
>I'm not familiar with C yet so I don't know if he's right or not. I
>looked for some text which handles this topic but I couldn't find
>one. Even "Smashing the Stack for Fun and Profit" doesn't mention this
>aspect so now I'm confused.
>Maybe someone here can tell me what's right :-)

This is right :)

It's right because it clears the instruction pointer, invalidating any spoofed return address you store. The whole idea is to get your offset to the shellcode into the EIP; if it clears, you'll segfault and that's it.

To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
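A hardened version of the quoted program, added here as an example and not part of the original thread: the 100-byte buffer and the argv[1] source are kept, but the unbounded strcpy is replaced by a length-checked copy that rejects input which would not fit. copy_bounded() and handle_argument() are names chosen for this example. The fix does not depend on whether main() returns or calls exit(); the defect is the unbounded copy, so that is what is removed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 100   /* same buffer size as the quoted program */

/* Copy src into dst (capacity dst_size) only if it fits, NUL terminator
 * included. Returns 0 on success, -1 if src is too long; dst is left
 * untouched on failure so a caller can never observe a partial copy. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);

    if (dst_size == 0 || len >= dst_size)
        return -1;              /* would overflow: refuse instead of truncating silently */
    memcpy(dst, src, len + 1);  /* len + 1 copies the terminating NUL */
    return 0;
}

/* Hypothetical replacement for the body of the quoted main(): same stack
 * buffer, same argv[1] source, but the copy is bounded by sizeof buf.
 * Returns 0 if the argument was accepted, 1 if it was rejected. */
int handle_argument(const char *arg)
{
    char buf[BUF_SIZE];

    if (copy_bounded(buf, sizeof buf, arg) != 0) {
        fprintf(stderr, "argument too long (max %d bytes)\n", BUF_SIZE - 1);
        return 1;
    }
    /* buf is now a valid, NUL-terminated string of at most 99 characters */
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2) {             /* the quoted program also read argv[1] unchecked */
        fprintf(stderr, "usage: %s <argument>\n", argv[0]);
        return 2;
    }
    return handle_argument(argv[1]);
}
```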