From owner-freebsd-chat Wed Dec 8 14:57:37 1999
Delivered-To: freebsd-chat@freebsd.org
Received: from nisser.com (c1870039.telekabel.chello.nl [212.187.0.39])
	by hub.freebsd.org (Postfix) with ESMTP id 5F5CB150C6;
	Wed, 8 Dec 1999 14:57:32 -0800 (PST)
	(envelope-from roelof@nisser.com)
Received: from nisser.com (roelof [10.0.0.2])
	by nisser.com (8.9.3/8.9.2) with ESMTP id XAA04312;
	Wed, 8 Dec 1999 23:55:59 +0100 (CET)
	(envelope-from roelof@nisser.com)
Message-ID: <384EE21E.AE92B628@nisser.com>
Date: Wed, 08 Dec 1999 23:56:30 +0100
From: Roelof Osinga
Organization: eboa - engineering buro Office Automation
X-Mailer: Mozilla 4.7 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Alfred Perlstein
Cc: Jonathon McKitrick, Kris Kennaway, freebsd-chat
Subject: Re: Yahoo hacked last night
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Alfred Perlstein wrote:
>
> It's common in C where automatic variables are allocated on the stack.

Shoot, yes. Forgot about that.

> ...
> The stack is executable, check the mailing lists for "trampoline"
> this hasn't come up in almost a year.

OK, so you put the code in the stack with a return address that
points to it. Given an automatic variable that is overflowing that
would work.

> It's not difficult if you have the source or a lot of time on your
> hands.

It's indeed easier than I thought. Alas.

Roelof

--
----------------------------------------------------------------
The Snail House of the TGV at http://SlakkeHuis.com/
----------------------------------------------------------------
Home is where the (@) http://eboa.com/ is.
Telekabel home          http://nisser.com/
Security references     http://nisser.com/links.htm
Chello line monitor     http://nisser.com/~roelof/logs_chello.shtml
----------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message