Graphics Programs Reference
In-Depth Information
7 - Quit
[Name: Jon Erickson]
[You have 60 credits] ->
Change user name
Enter your new name: Your name has been changed.
-=[ Game of Chance Menu ]=-
1 - Play the Pick a Number game
2 - Play the No Match Dealer game
3 - Play the Find the Ace game
4 - View current high score
5 - Change your user name
6 - Reset your account at 100 credits
7 - Quit
[Name: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAp?]
[You have 60 credits] ->
[DEBUG] current_game pointer @ 0xbffff9e0
whoami
root
id
uid=0(root) gid=999(reader)
groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(
plugdev),104(scanner),112(netdev),113(lpadmin),115(powerdev),117(admin),999(re
ader)
0x350
Format Strings
A format string exploit is another technique you can use to gain control of
a privileged program. Like buffer overflow exploits,
format string exploits
also
depend on programming mistakes that may not appear to have an obvious
impact on security. Luckily for programmers, once the technique is known,
it's fairly easy to spot format string vulnerabilities and eliminate them.
Although format string vulnerabilities aren't very common anymore, the
following techniques can also be used in other situations.
0x351
Format Parameters
You should be fairly familiar with basic format strings by now. They have
been used extensively with functions like
printf()
in previous programs.
A function that uses format strings, such as
printf()
, simply evaluates the
format string passed to it and performs a special action each time a format
parameter is encountered. Each format parameter expects an additional
variable to be passed, so if there are three format parameters in a format
string, there should be three more arguments to the function (in addition
to the format string argument).
Recall the various format parameters explained in the previous chapter.
