The memcmp() bug in the interview seems simple enough. May I ask a novice question? What is an unchecked buffer size problem? How can you take over a system because of an unchecked buffer? Is it a C/C++ specific problem? Thanks for enlightening me.
gets() lets the user type as much as they like. But in your program you can only have allocated a set size for the password (e.g. 100 bytes). So if they type for long enough they can go past the end of the password space, and their typing will start overwriting other parts of memory. If they know what they are doing they can type the right control characters and give themselves a root shell.
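As an added example (not code from this thread), here is the gets() pattern the reply describes, kept in a comment, beside a bounded fgets()-based replacement that rejects over-long input instead of letting it run past the array. The names PASSWORD_MAX, read_line_bounded and demo are mine, and the input strings are constructed for the demo.

```c
#include <stdio.h>
#include <string.h>

#define PASSWORD_MAX 100  /* fixed-size buffer, as in the reply's example */

/*
 * Unsafe pattern: gets() has no idea how big `password` is, so anything the
 * user types beyond byte 99 overwrites whatever the compiler placed next to
 * the array (saved registers, return address, other locals).
 *
 *     char password[PASSWORD_MAX];
 *     gets(password);      // no bound at all; removed from C11 for this reason
 *
 * Bounded replacement: fgets() never writes more than size-1 bytes plus the
 * terminator. The extra work below turns "did not fit" into an explicit
 * error and drains the rest of the line so it is not read as the next field.
 */

/* Reads one line into buf (size bytes). Returns the length without the
 * newline, -1 if the line did not fit (buf is cleared), -2 on EOF. */
int read_line_bounded(FILE *in, char *buf, size_t size)
{
    if (fgets(buf, (int)size, in) == NULL)
        return -2;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return (int)(len - 1);
    }
    /* No newline in buf: the line either ended exactly at the limit, was the
     * last line of input, or was too long. Peek one character to find out. */
    int c = getc(in);
    if (c == EOF || c == '\n')
        return (int)len;             /* fit exactly or final unterminated line */
    while (c != '\n' && c != EOF)    /* too long: discard the remainder */
        c = getc(in);
    buf[0] = '\0';
    return -1;
}

/* Feeds a constructed string through a temporary FILE so the function
 * above is exercised exactly as it would be on stdin. */
int demo(const char *input, char *out, size_t size)
{
    FILE *f = tmpfile();
    if (!f) return -3;
    fputs(input, f);
    rewind(f);
    int r = read_line_bounded(f, out, size);
    fclose(f);
    return r;
}
```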
It's a problem when you have programmers who don't understand buffers, using a language without buffer checking.
(1) Write a small program that has an unchecked buffer size problem. (2) Compile and run the program. (3) Exploit the unchecked buffer size problem in the program they just wrote. (4) Compromise your own user account. (5)... (6) Profit!
Buffer overflows are only useful when the program has privileges you want. The only way your exploit would work is if you could run your program as root, in which case you're done before you've started.