Date:      Wed, 8 Dec 1999 11:18:24 -0800 (PST)
From:      Kris Kennaway <kris@hub.freebsd.org>
To:        Jonathon McKitrick <jcm@dogma.freebsd-uk.eu.org>
Cc:        freebsd-chat <chat@freebsd.org>
Subject:   Re: Yahoo hacked last night
Message-ID:  <Pine.BSF.4.21.9912081115040.71719-100000@hub.freebsd.org>
In-Reply-To: <Pine.BSF.4.02A.9912081911460.38037-100000@dogma.freebsd-uk.eu.org>

On Wed, 8 Dec 1999, Jonathon McKitrick wrote:

> One thing I never understood... why does a buffer overflow automatically
> cause a root shell, or does it always?  I mean, when I crash
> programs, I get a core dump and that's it.  Even with segmentation faults,
> the memory protection seems quite robust, and the OS stays on its feet.
> I've never been dropped to root on my own system, despite crashing.

It happens because by carefully crafting the stuff which overflows the
buffer (i.e. actually presenting machine-executable code instead of
arbitrary data), the attacker can cause his code to be executed by the
attacked machine (this is often why buffer overflows cause crashes,
because the buffer overflowed into an area read and interpreted by the
program, which can be exploited to change the execution of the program).
This can lead to the execution of a shell under the user ID of whatever
was running the exploited program - in the case of a daemon running as
root, it would be a root shell.

Kris
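
An added illustration, not part of the original message, of the mechanism the reply describes: an unchecked copy runs past a buffer into a neighbouring value that the program later interprets, while a length check leaves that value alone. The `struct request` layout, the function names and the 20-byte input are all constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: a fixed buffer followed directly by a value the
 * program later reads to decide what to run (0 = the intended handler). */
struct request {
    char     name[16];
    uint32_t handler;
};

/* Unchecked copy: trusts the sender's length. It writes through a byte
 * pointer to the whole record (clamped to the record's size) so this
 * model stays well-defined while still running past name[]. */
static void copy_unchecked(struct request *r, const void *src, size_t len)
{
    if (len > sizeof *r)
        len = sizeof *r;
    memcpy((unsigned char *)r, src, len);
}

/* Checked copy: refuses input that does not fit in name[]. */
static int copy_checked(struct request *r, const void *src, size_t len)
{
    if (len > sizeof r->name)
        return -1;
    memcpy(r->name, src, len);
    return 0;
}

/* Returns the handler value the program would act on after the copy. */
static uint32_t handler_after(int checked, const void *src, size_t len)
{
    struct request r;
    memset(&r, 0, sizeof r);
    if (checked)
        (void)copy_checked(&r, src, len);
    else
        copy_unchecked(&r, src, len);
    return r.handler;
}

int main(void)
{
    unsigned char input[20];               /* constructed oversized input */
    memset(input, 'A', sizeof input);
    printf("unchecked: handler=0x%08x\n", (unsigned)handler_after(0, input, sizeof input));
    printf("checked:   handler=0x%08x\n", (unsigned)handler_after(1, input, sizeof input));
    return 0;
}
```

In a real process the neighbouring value is typically a saved return address or pointer rather than a struct field, which is why random overflowing data usually produces the crash and core dump described in the quoted question.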


