Date:      Wed, 8 Dec 1999 11:58:23 -0800 (PST)
From:      Alfred Perlstein <bright@wintelcom.net>
To:        Jonathon McKitrick <jcm@dogma.freebsd-uk.eu.org>
Cc:        Kris Kennaway <kris@hub.freebsd.org>, freebsd-chat <chat@FreeBSD.ORG>
Subject:   Re: Yahoo hacked last night
Message-ID:  <Pine.BSF.4.21.9912081154210.4557-100000@fw.wintelcom.net>
In-Reply-To: <Pine.BSF.4.02A.9912081911460.38037-100000@dogma.freebsd-uk.eu.org>

On Wed, 8 Dec 1999, Jonathon McKitrick wrote:

> On Wed, 8 Dec 1999, Kris Kennaway wrote:
> >worth the effort given the expected rewards. Hell, even SSH has had buffer
> >overflows..
> 
> One thing I never understood... why does a buffer overflow automatically
> cause a root shell, or does it always?  I mean, when I crash
> programs, I get a core dump and that's it.  Even with segmentation faults,
> the memory protection seems quite robust, and the OS stays on its feet.
> I've never been dropped to root on my own system, despite crashing.

For a function to be able to return to its caller it must store the
return address on the stack; what a buffer overflow generally does
is overwrite that return address with a pointer to some more data
on the stack, which is actually machine instructions to exec a shell.

When the function returns, it gets hijacked: it never returns to its
caller, it jumps into its own stack and exec's a shell.

-Alfred
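The frame layout Alfred describes, in a constructed C model (an added example, not code from this thread or from FreeBSD): a local buffer sits below the saved return address, so an unchecked copy that runs past the buffer reaches the return address slot. The model also places a guard word between the two, the way GCC's -fstack-protector does, so the reader can see why a stack protector notices the overrun before the function returns. The struct, the constants and the function names are assumptions of this example; the frame is a plain struct standing in for the real stack, so the overrun here only corrupts the model and the program keeps running.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame: the local buffer, then a stack
 * protector's canary, then the saved return address. This is a plain struct,
 * not the real machine stack, so an overrun only corrupts this object. */
#define BUF_SIZE     16
#define CANARY_VALUE 0x5a5a5a5a5a5a5a5aULL
#define FAKE_RET     0x00401000ULL   /* placeholder, not a real address */

struct frame_model {
    char     buf[BUF_SIZE];   /* the local buffer being copied into */
    uint64_t canary;          /* guard word checked just before return */
    uint64_t saved_ret;       /* the caller's return address */
};

static void init_frame(struct frame_model *f) {
    memset(f->buf, 0, sizeof f->buf);
    f->canary = CANARY_VALUE;
    f->saved_ret = FAKE_RET;
}

/* Vulnerable pattern: an unchecked, strcpy-style copy into the buffer. The
 * bytes are written through the struct's object representation so the overrun
 * stays inside the model; len is clamped to the model's size for that reason. */
static void unchecked_copy(struct frame_model *f, const char *input, size_t len) {
    unsigned char *raw = (unsigned char *)f + offsetof(struct frame_model, buf);
    size_t room = sizeof *f - offsetof(struct frame_model, buf);
    if (len > room) len = room;
    memcpy(raw, input, len);
}

/* Hardened pattern: refuse input that does not fit (leaving room for the NUL). */
static int checked_copy(struct frame_model *f, const char *input, size_t len) {
    if (len >= sizeof f->buf) return -1;
    memcpy(f->buf, input, len);
    f->buf[len] = '\0';
    return 0;
}

/* Feed input_len bytes of 'A' through the unchecked copy and report which parts
 * of the frame survived: bit 0 = canary intact, bit 1 = return address intact. */
static int unchecked_frame_state(size_t input_len) {
    struct frame_model f;
    char input[sizeof f];
    memset(input, 'A', sizeof input);
    init_frame(&f);
    unchecked_copy(&f, input, input_len);
    return (f.canary == CANARY_VALUE ? 1 : 0) | (f.saved_ret == FAKE_RET ? 2 : 0);
}

/* Same input through the checked copy: 1 if accepted with the frame intact,
 * 0 if the copy was refused. */
static int checked_frame_accepts(size_t input_len) {
    struct frame_model f;
    char input[sizeof f];
    memset(input, 'A', sizeof input);
    init_frame(&f);
    if (checked_copy(&f, input, input_len) != 0) return 0;
    return f.canary == CANARY_VALUE && f.saved_ret == FAKE_RET;
}

int main(void) {
    size_t lens[] = { 8, 15, 16, 24, 32 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int s = unchecked_frame_state(lens[i]);
        printf("len %2zu: unchecked copy -> canary %s, return address %s; checked copy %s\n",
               lens[i], (s & 1) ? "intact" : "CLOBBERED",
               (s & 2) ? "intact" : "OVERWRITTEN",
               checked_frame_accepts(lens[i]) ? "accepted" : "refused");
    }
    return 0;
}
```

Inputs of up to 16 bytes stay inside the buffer; at 24 bytes the copy has reached the canary (which is what the protector's check catches), and at 32 bytes it has overwritten the return address slot, which is the point at which a real frame would "return" wherever the input said. The checked copy rejects anything of 16 bytes or more, so neither the canary nor the return address is ever reachable.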


