[2269] in bugtraq


No subject found in mail header

daemon@ATHENA.MIT.EDU (Leonard Krylov)
Wed Sep 27 14:29:51 1995

Date:         Wed, 27 Sep 1995 10:32:26 +0100
Reply-To: Bugtraq List <BUGTRAQ@crimelab.com>
From: Leonard Krylov <cl4lkryl@cling.gu.se>
X-To:         BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@crimelab.com>

Hey folks, I need to know about this 'stack overwriting thing'
that is so lively discussed. As I understand it (and correct me
if I'm wrong), the point is to pass in data to a non-bound
checking routine (like syslog), and make it so constructed
that it 'rewrites' some parameters on the stack.
Subsequent routines will then pop these phoney params and
off we go...
Am I right? Can anybody provide me with more detailed info
and perhaps some harmless example (please please please!!!)

BTW, I am thinking about a possible bug in programs, that open
files R/RW and tell them to be opened across exec()'s. They maybe
setuid() in time, but forget to close the file descriptor (hmm).
Go check it out!
/LK/
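
Added example, not part of the original post: a C sketch of the descriptor-inheritance issue raised in the second paragraph, showing how to check whether a descriptor would stay open across exec() and how to mark it close-on-exec. The helper names are hypothetical, /dev/null stands in for the sensitive file, and the 65536 scan bound is an assumption of this example.

```c
/* Added example: helper names are hypothetical, /dev/null is a stand-in file. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* 1 = fd stays open across exec(), 0 = close-on-exec is set, -1 = not open. */
int survives_exec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* The pattern from the post: a plain open() is inherited by the exec'd program. */
int open_inherited(const char *path) {
    return open(path, O_RDONLY);
}

/* Hardened form: mark the descriptor close-on-exec as soon as it exists. */
int open_sealed(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd >= 0 && fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Last line of defence before exec(): seal everything above stderr.
   Returns the number of descriptors that would otherwise have leaked. */
int seal_descriptors(void) {
    long max = sysconf(_SC_OPEN_MAX);
    int sealed = 0;
    if (max < 0 || max > 65536) max = 65536;   /* scan bound assumed for this example */
    for (int fd = 3; fd < max; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1 || (flags & FD_CLOEXEC)) continue;
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == 0) sealed++;
    }
    return sealed;
}

int main(void) {
    int leaky = open_inherited("/dev/null");
    int safe = open_sealed("/dev/null");
    printf("inherited: %d sealed: %d\n", survives_exec(leaky), survives_exec(safe));
    printf("descriptors sealed before exec: %d\n", seal_descriptors());
    printf("inherited after sealing: %d\n", survives_exec(leaky));
    return 0;
}
```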
