
I got accidental code execution via glibc? - there
http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html
======
alexgartrell
I'm not usually a meta poster (famous last words), but I would love to see
more of _this_ (hardcore systems stuff) on hackers news.

As an aside, anyone know other good sites for this kind of stuff?

~~~
lwat
I like <http://www.reddit.com/r/ReverseEngineering/>

and sometimes <http://www.reddit.com/r/compsci/>

------
kaizoku_
This guy doesn't really seem to understand the bug he's trying to explain or
actually what happened in his "accident".

~~~
nl
I think he understands it all too well (and missed explaining a lot of things
that a casual reader really needs to know).

The code execution is not the point of the story.

~~~
kaizoku_
The title makes me think that the code execution is the point of the story and
he doesn't seem to understand how that happens in fnmatch().

~~~
pmjordan
He's established that the stack pointer rolls over due to integer overflow. He
_hasn't_ established exactly which part of the input data gets copied over the
return pointer, but you're only really interested in that if you're trying to
exploit the weakness. Establishing that the stack pointer _does_ overflow is
sufficient for the purposes of fixing the bug.
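The bug class pmjordan describes, a size computation that wraps and a stack allocation sized from it, is easy to show in isolation. The following is an added illustration written for this thread; it is not code from the blog post or from glibc, and the 4096-byte stack cap is an assumed value, not glibc's threshold. It contrasts an unchecked wide-character buffer size with a checked one and a helper that routes anything large to the heap instead of the stack.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <wchar.h>

/* Assumed cap on what a function may reserve on the stack (hypothetical
   value chosen for this example, not a glibc constant). */
#define STACK_ALLOC_LIMIT ((size_t)4096)

/* Unchecked version: (n + 1) * sizeof(wchar_t) in size_t arithmetic wraps
   silently for huge n, so the caller reserves a size unrelated to the
   data. For n == SIZE_MAX this yields 0. */
size_t naive_wide_copy_size(size_t n) {
    return (n + 1) * sizeof(wchar_t);
}

/* Checked version: refuses any n for which the byte count would wrap.
   Returns true and stores the size in *out only when it is exact. */
bool checked_wide_copy_size(size_t n, size_t *out) {
    if (n == SIZE_MAX)                     /* n + 1 would wrap */
        return false;
    if (n + 1 > SIZE_MAX / sizeof(wchar_t)) /* multiplication would wrap */
        return false;
    *out = (n + 1) * sizeof(wchar_t);
    return true;
}

/* Convenience wrapper for callers that just want the number (0 = rejected). */
size_t checked_wide_copy_size_or_zero(size_t n) {
    size_t bytes;
    return checked_wide_copy_size(n, &bytes) ? bytes : 0;
}

/* Where should the buffer live? 0 = stack (alloca-style), 1 = heap
   (malloc), -1 = size invalid. Bounding stack use this way is the
   mitigation for allocations that could move the stack pointer past
   its mapping. */
int choose_arena(size_t n) {
    size_t bytes;
    if (!checked_wide_copy_size(n, &bytes))
        return -1;
    return bytes <= STACK_ALLOC_LIMIT ? 0 : 1;
}
```

The point of the two size functions is the same one pmjordan makes: once the size arithmetic is shown to wrap, the allocation that follows is unsafe regardless of which bytes later land where, and the fix is to reject or re-route the oversized case before any memory is reserved.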

