The memcmp() bug in the interview seems simple enough. May I ask a novice question? What is the unchecked buffer size problem? How can you take over a system because of an unchecked buffer? Is it a C/C++ specific problem? Thanks for enlightening me.
gets() lets the user type as much as they like. But in your program you can only have allocated a set size for the password (e.g. 100 bytes). So if they type for long enough they can go past the end of the password space, and their typing will start overwriting other parts of memory. If they know what they are doing they can type the right control characters and give themselves a root shell.
It's a problem when you have programmers who don't understand buffers, using a language without buffer checking.
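The size check that gets() cannot perform, as an added example that is not part of the original thread: a bounded line reader for the 100-byte password buffer mentioned above. The names `read_line_bounded` and `PASSWORD_MAX` are hypothetical, chosen for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define PASSWORD_MAX 100  /* the 100-byte password buffer from the thread */

/* Unsafe pattern discussed above, shown only as a comment (gets() takes
 * no size argument and was removed from the language in C11):
 *
 *     char password[PASSWORD_MAX];
 *     gets(password);   // keeps writing past password[99] on long input
 */

/* Bounded replacement: reads one line from `in` into buf (capacity cap).
 * Returns 0 on success, -1 on EOF or error, -2 if the line did not fit
 * (the rest of that line is discarded and buf is cleared). */
int read_line_bounded(FILE *in, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';           /* whole line fitted */
        return 0;
    }

    /* No newline stored: either the input ended here, or the line is
     * longer than the buffer. Peek at the next character to tell. */
    int c = fgetc(in);
    if (c == '\n' || c == EOF)
        return 0;                      /* line filled the buffer exactly */

    /* Too long: drain the tail so it is not read as the next input,
     * and reject instead of silently truncating. */
    while ((c = fgetc(in)) != '\n' && c != EOF)
        ;
    buf[0] = '\0';
    return -2;
}

int main(void)
{
    char password[PASSWORD_MAX];
    int rc = read_line_bounded(stdin, password, sizeof password);
    if (rc == -2)
        fputs("input too long, rejected\n", stderr);
    return rc == 0 ? 0 : 1;
}
```
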
Here's possibly a dumb question related to buffer overruns:
So someone who has access to a text editor and a compiler on a system can possibly gain root access? Seems to me they could use the following procedure: (1) Write small program that has unchecked buffer size problem. (2) Compile and run program. (3) Exploit unchecked buffer size problem in program they just wrote.
What is unchecked buffer size problem? (Score:1)
Re:What is unchecked buffer size problem? (Score:2, Informative)
Re:What is unchecked buffer size problem? (Score:0)
???
Re:What is unchecked buffer size problem? (Score:2)