From owner-freebsd-security Thu Mar 27 10:07:21 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA02147 for security-outgoing; Thu, 27 Mar 1997 09:51:24 -0800 (PST)
Received: from who.cdrom.com (who.cdrom.com [204.216.27.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA02075 for ; Thu, 27 Mar 1997 09:51:11 -0800 (PST)
Received: from rover.village.org (rover.village.org [204.144.255.49]) by who.cdrom.com (8.8.5/8.6.11) with SMTP id HAA04241 for ; Thu, 27 Mar 1997 07:07:16 -0800 (PST)
Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 1.60 #1) id 0wAGkB-00072F-00; Thu, 27 Mar 1997 08:05:35 -0700
To: proff@suburbia.net
Subject: Re: FreeBSD-SA-97:02: Buffer overflow in lpd
Cc: security@freebsd.org
In-reply-to: Your message of "Thu, 27 Mar 1997 09:48:29 +1100." <19970326224830.6053.qmail@suburbia.net>
References: <19970326224830.6053.qmail@suburbia.net>
Date: Thu, 27 Mar 1997 08:05:35 -0700
From: Warner Losh
Message-Id:
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In message <19970326224830.6053.qmail@suburbia.net> proff@suburbia.net writes:
: Writing exploit code using only alpha-numeric characters, "." and "-" might
: be an interesting challenge.

There have been reports in various lists that have exactly this kind of code, or at least pointers to this kind of code. Writing the egg for the buffer overflow is the hard part of this, but it has been done, at least for intel machines. Kinda scary.

Then again, if you have the old ms-kermit program, look at boot.com. All printable characters and it does very useful things. While printable characters are a superset of a-zA-Z.-, there is no reason why you couldn't do it....

Warner