VanLUG Email Archive
A Z (arek_z@yahoo.com)
Sat, 26 Dec 1998 10:54:52 -0800 (PST)
Thanks Brian and Shane for clarifying that. I asked other people, but
I never got a stright answer or it was very ambigious. Now at least I
know the difference and see why the command pipings wouldn't work
arek
---Brian Edmonds <brian@gweep.bc.ca> wrote:
>
> A Z <arek_z@yahoo.com> writes:
> > Now is that how buffer-over-flows work and how you get your commands
> > to execute..by overflowing the buffer and then having a pipe so
> > whatever you have on the right side gets executed?
>
> They're not using the phrase "overflows the buffer" in the same way as
> the common security usage of "buffer overflow." As Shane has
explained,
> buffer overflows in the security sense typically involve using fixed
> length strings on the stack in places where the user can provide
longer
> data than you're prepared to handle.
>
> The shell is simply doing IO buffering, so the next program in the
> pipeline can get useful amounts of data, rather than dribbling a
> character at a time at it.
>
> Brian.
>
_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com
This archive was generated by hypermail 2.0b3 on Sat 26 Dec 1998 - 10:57:36 PST