mailing list archives
Re: Ray Cromwell: Another Netscape Bug (and possible security
From: cl4lkryl () cling gu se (Leonard Krylov)
Date: Wed, 27 Sep 1995 10:32:26 +0100
Hey folks, I need to know about this 'stack overwriting thing'
thet is so lively discussed. As I understand it (and correct me
if I'm wrong), the point is to pass in data to a non-bound
checking routine (like syslog), and make it so constructed
that it 'rewrites' some parameters on the stack.
Subsequent routines will then pop these phoney params and
off we go...
Am I right? Can anybody provide me with more detailed info
and perhaps some harmless example (please please please!!!)
BTW, I am thinking about a possible bug in programs, that open
files R/RW and tell them to be opened across exec()'s. They maybe
setuid() in time, but forget to close the file descriptor (hmm).
Go check it out!