From: Jason Dusek
Date: Sun, 17 Oct 2004 17:36:02 -0500
To: questions@freebsd.org
Subject: No Buffer Overflow

Hi Everyone,

I am reading an intro to shell-coding, and the following program is used as a simple example of vulnerable code:

    /* vuln.c */
    #include <string.h>   /* declares strcpy() */

    int main(int argc, char **argv, char **envp)
    {
        char buf[256];
        strcpy(buf, argv[1]);   /* no length check: the vulnerable line */
        return 0;
    }

When I run this code like this:

    18 > vuln
    Segmentation fault (core dumped)

it segfaults, like the tutorial says. In the tutorial this line:

    19 > vuln `perl -e 'print "A"x256 . "BBBB" . "CCCC"'`

also segfaults, but not on my machine. Is this some FreeBSD security feature?

    20 > uname -a
    FreeBSD localhost 5.3-BETA2 FreeBSD 5.3-BETA2 #0: Mon Sep 6 15:27:56 CDT 2004 root@localhost:/usr/obj/usr/src/sys/CUSTOM i386

If this doesn't cause a segfault, does it still overflow?

_jason
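
An added example, not part of the original message or the tutorial it quotes: a bounds-checked form of vuln.c that tells the two runs in the post apart. With no argument, argv[1] is NULL, so that crash is a NULL dereference and not an overflow; the 264-character argument needs 265 bytes in the 256-byte buf, which is an out-of-bounds write whether or not the process segfaults. The names checked_copy, bytes_needed and BUF_SIZE are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 256   /* same size as buf in vuln.c */

enum copy_status { COPY_OK = 0, COPY_NO_ARG = 1, COPY_TOO_LONG = 2 };

/* Bytes strcpy() would write for src, including the terminating NUL. */
static size_t bytes_needed(const char *src)
{
    return strlen(src) + 1;
}

/* Bounds-checked replacement for the strcpy() call in vuln.c.
 * dst_size is the full size of dst; nothing is written on failure. */
static enum copy_status checked_copy(char *dst, size_t dst_size, const char *src)
{
    if (src == NULL)
        return COPY_NO_ARG;      /* the "vuln" run with no argument */
    if (bytes_needed(src) > dst_size)
        return COPY_TOO_LONG;    /* the 264-character run */
    memcpy(dst, src, bytes_needed(src));
    return COPY_OK;
}

int main(int argc, char **argv)
{
    char buf[BUF_SIZE];
    const char *prog = (argc > 0) ? argv[0] : "vuln";
    const char *arg = (argc > 1) ? argv[1] : NULL;

    switch (checked_copy(buf, sizeof buf, arg)) {
    case COPY_NO_ARG:
        fprintf(stderr, "usage: %s <string>\n", prog);
        return 1;
    case COPY_TOO_LONG:
        fprintf(stderr, "argument needs %lu bytes, buf holds %lu\n",
                (unsigned long)bytes_needed(arg), (unsigned long)sizeof buf);
        return 1;
    default:
        printf("copied %lu bytes\n", (unsigned long)bytes_needed(buf));
        return 0;
    }
}
```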