At 17:09 11/08/2002 +0000, Alan Cox wrote:
> In fact several exploits work on the basis they overrun a stack section with a complete return sequence including variables to cause an execlp("/bin/sh", ...) to occur.
Yup, that was exactly the case in the Phrack article that started this whole topic. It's actually the most common of the "buffer overrun" exploitation techniques.
Ross "strpcy() considered harmful" Patterson