A possible virus

Jason Stewart jstewart at rtl.org
Fri Apr 27 12:09:15 GMT 2001


Greetings,

I disagree with your statement below, because source code is not executable 
until it is compiled.

>Again, this is *horribly* off topic, but, I disagree.  Worms work
>because software fails to interpret it correctly.  If there is a broken
>tar utility out there with a buffer overflow in it, then source code
>could be a worm.  Just like a broken image viewer can let an image file
>be a worm.  How long ago was it that people would riducle the warnings
>not to read your email because it could destroy your hard drive.
>Everyone knew that reading email can't destroy your hard drive.

The source code itself could never be a worm. Source code must first be 
compiled to be executable. A shell script, or shellcode could be executed, 
though. In order to exploit a buffer overflow, you have to overflow the 
buffer, pay attention to where the stack frame pointer is offset, then put 
your executable code where the stack pointer returns. This is difficult, 
but it would (AFAIK) be impossible to compile source code on the fly after 
a buffer is overwritten.


Good day,
Jason Stewart





More information about the samba mailing list