Open source software security

ablog_Solved the Buffer Overflow!

30 November -0001
w00t! I solved the buffer overflow project for my security class. Granted, I submitted the solution over four days late, and it wasn't for a grade, but still. I was really bugged by not being able to complete the project (which meant I couldn't finish my article at http://www.madirish.net?article=168 also!). Thankfully I met with the TA and managed to read enough about C to finally figure out how to properly craft the overflow payload. So annoying. I think the toughest thing about buffer overflows is that you can't really see what's going on. You fire off these arcane payloads into the memory buffer and either the exploit works, or it crashes. Not having access to core dumps on the target machine made it extreme guess work (you couldn't really figure out how the program failed, you'd just know that it failed). It also sucked that when you fired up the debugging environment it would change the way the system handled memory in subtle ways, but extreme enough to invalidate some research you could do from within the GDB. Anyways, I'm glad it's over!