Hi,

Bruno Crochet wrote:
> 
> Why is a buffer overflow dangerous?
> 

I once asked this question on my lab's Linux mailing list.
I am copying the answer I got below.

Vuko

    Here's my understanding of what buffer overflows are about:
    Programs running with system privileges on your computer take
information sent by other computers, or by users on your own computer,
and do something with the data.  If the program isn't written carefully
enough, and if too many bytes are sent it, the data can overflow
whatever space (buffer) is allocated, and replace something vital, such
as the address to which the program should return when a subroutine is
finished.
The data can contain computer instructions which, if executed, let the
perpetrator become root.  The overflow bytes that land in the return
address can be the address of the beginning of those instructions.  So
when the subroutine returns, the program returns to the wrong place and
your computer gets taken over.  Those who figure out what to send a
vulnerable computer to crack it can make their knowledge public.
   For more information, including helpful advice for criminals, look up
"buffer overflow" on www.google.com.



========================================================================
 Vuko Brigljevic, Dr.sc.nat. ETH Zurich | Mail : CERN, Div. EP
 Lawrence Livermore National Laboratory |        1211 Geneve 23
 Nuclear and Particle Physics Division  |        Switzerland
                                        | CERN-Office : B32-3C21
 Member of the BaBar Collaboration      | Phone : +41-22-767 9389
 <[EMAIL PROTECTED]>          <http://www.slac.stanford.edu/~vuko>  
========================================================================
--
http://www-internal.alphanet.ch/linux-leman/ before asking
a question. Yeah, to unsubscribe too.
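
The overwrite described in the message above, as an added example that is not part of the original post: an unchecked copy lets input longer than the buffer replace the saved return address, and a length check rejects it. The `struct frame` layout, the function names, and the constants are constructed for illustration; real stack layouts depend on the compiler and ABI.

```c
#include <stdint.h>
#include <string.h>

#define BUF_SIZE 16

/* Constructed model of a stack frame: a local buffer followed by the
   saved return address. */
struct frame {
    unsigned char buf[BUF_SIZE];
    uintptr_t     return_addr;
};

/* Unchecked copy, as in the careless program described above: it trusts
   the sender's length. The frame is treated as flat memory, so bytes
   past buf land in return_addr. */
void copy_unchecked(struct frame *f, const unsigned char *data, size_t len)
{
    if (len > sizeof *f)          /* keep the demo inside the model */
        len = sizeof *f;
    memcpy((unsigned char *)f, data, len);
}

/* Checked copy: refuses input that does not fit the buffer.
   Returns 0 on success, -1 if the input was rejected. */
int copy_checked(struct frame *f, const unsigned char *data, size_t len)
{
    if (len > sizeof f->buf)
        return -1;
    memcpy(f->buf, data, len);
    return 0;
}

/* Copies `len` constructed bytes into a fresh frame and reports whether
   the saved return address survived (1) or was overwritten (0). */
int return_addr_intact(int checked, size_t len)
{
    const uintptr_t saved = (uintptr_t)0x1000;   /* constructed value */
    unsigned char input[sizeof(struct frame)];
    struct frame f;
    memset(&f, 0, sizeof f);
    f.return_addr = saved;
    memset(input, 0x41, sizeof input);           /* constructed filler */
    if (len > sizeof input) len = sizeof input;
    if (checked) (void)copy_checked(&f, input, len);
    else         copy_unchecked(&f, input, len);
    return f.return_addr == saved;
}
```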
