no, because the area that the buffer overflows into will likely be ram in use by another application or more likely the os. basically what happens is a bunch of code gets shoved into ram, by the software being overflowed, into an area of ram the software in question likely has no business accessing at all, and when the os or other software that's been corrupted by having it changed in ram happens to branch into that area of memory during "normal" execution the code gets run, just because it's there and the software doesn't know the ram has been corrupted by a buffer overflow. buffer overflow is usually checked for by software, but sometimes not thoroughly prevented and sometimes the "diagnostic" code that would detect overflow is removed deliberately or accidentally during optimization. high level languages tend to produce code with extensive error checking, but once a piece of software "works" it is usually recompiled with most of the error checking turned off to speed execution.
"Eric D." wrote: ------------ > But, wouldn't the exploit still be limited by the permissions Apache has to > run on a system -- if it is not running as root (or does it?) [in OS X], it > shouldn't have access to root functions & thus should be limited to wreaking > havoc with the user space in which it is running. ----------- -- Philip Stortz, mad scientist at large. --Every 13 seconds an American gun owner uses a firearm in defense against a criminal. gun ownership deters crime, it doesn't increase it. gun control increases crime and cost lives. <http://www.pulpless.com/gunclock/framedex.html> -- G-List is sponsored by <http://lowendmac.com/> and... Small Dog Electronics http://www.smalldog.com | Refurbished Drives | -- We have Apple Refurbished Monitors in stock! | & CDRWs on Sale! | Support Low End Mac <http://lowendmac.com/lists/support.html> G-List list info: <http://lowendmac.com/lists/g-list.shtml> Send list messages to: <mailto:[EMAIL PROTECTED]> To unsubscribe, email: <mailto:[EMAIL PROTECTED]> For digest mode, email: <mailto:[EMAIL PROTECTED]> Subscription questions: <mailto:[EMAIL PROTECTED]> Archive: <http://www.mail-archive.com/g-list%40mail.maclaunch.com/> Using a Macintosh? Get free email and more at Applelinks! <http://www.applelinks.com>
