Part 1
  gets accepts a string from the user in a buffer.
  If the user enters a string which exceeds the size of the buffer it points
to, the entered string will get stored in the memory area which is beyond the
buffer.
This is an open invitation to a hacker.
The hacker could use the buffer overflow technique to get into your system
and gain root rights too.
In brief, buffer overflow is a mechanism wherein you insert cleverly crafted
text into a buffer which exceeds its size and ultimately writes your
instruction pointer.
Once you can manipulate the instruction pointer you have gotten control of
the system and can run shells with root rights!!!
More details on Google.

I do not have answers to any of your other questions.

Harshal.




----- Original Message -----
From: "Gollum Fights Gandalf and looses" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 11, 2002 8:51 AM
Subject: [ilugd]: C problem & gentoo & gtk


> Hi all
> I have this small question: the man pages say not to use gets() because it
> can lead to security holes. According to them there is no way of knowing
> if the string exceeds the size of the array. So what? Why is that a
> security hole?
>
> Part two: has anyone tried Gentoo Linux? This one has a package manager
> of only source files, meaning it compiles everything that is installed.
> If anyone has used it, can anyone tell me where to get it? I am really
> keen to see how it works.
>
> Part three: guys, no one told me how internationalisation works. The more
> I read about it, the more confused I get. There are all kinds of techno words:
> utf8, unicode, pot, potfiles. What are all these? And what is gettext? I saw
> a pot file; it has a list of tags. Wherever there is some string used in
> the code, it is placed in them. What could that mean? Hum?
>
> gollum
>
>
>
>
>           ================================================
> To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in
> subject header. Check archives at
> http://www.mail-archive.com/ilugd%40wpaa.org
>
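
Added example, not part of the original messages: the gets() behaviour discussed in this thread, modelled next to a bounded fgets()-based reader. The names `struct record`, `read_like_gets`, `read_line` and `stream_from` are hypothetical, and the input lines are constructed.

```c
#include <stdio.h>
#include <string.h>
struct record { char name[8]; char guard[8]; };   /* constructed layout */

/* Models gets(): copies up to the newline, never checks sizeof name. Capped at
   the whole struct only so the demo stays in memory it owns; gets() has no cap. */
static void read_like_gets(struct record *r, const char *line)
{
    char *dst = (char *)r;
    size_t i = 0;
    for (; line[i] != '\n' && line[i] != '\0' && i < sizeof *r - 1; i++)
        dst[i] = line[i];
    dst[i] = '\0';
}

/* Bounded replacement on fgets(): 0 = whole line stored, 1 = too long (stored
   truncated, rest of the line discarded), -1 = end of input or read error. */
static int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL) return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    int c, dropped = 0;              /* no newline stored: drain the line */
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;
    return dropped;
}

static FILE *stream_from(const char *text)   /* constructed input -> temp file */
{
    FILE *f = tmpfile();
    if (f) { fputs(text, f); rewind(f); }
    return f;
}

int main(void)
{
    struct record r = { "", "SAFE" }, s = { "", "SAFE" };
    FILE *in = stream_from("AAAAAAAAAAAA\n");   /* constructed: 12 bytes + newline */
    if (!in) return 1;
    read_like_gets(&r, "AAAAAAAAAAAA\n");
    int rc = read_line(in, s.name, sizeof s.name);
    printf("gets-like guard=%s | bounded rc=%d name=%s guard=%s\n", r.guard, rc, s.name, s.guard);
    fclose(in);
    return 0;
}
```

The unbounded copy changes `guard` even though the caller only asked to fill `name`; the bounded reader leaves it intact and reports the over-long line so the caller can reject it.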
