Errata

When I go to http://www.securitywarrior.com, I dont find Crack me program to download as per the instruction.

pg 35
symbol table has
B Uninitialized data (.bss)
however, the printed example of output shows
0804a06c A __bss_start
it would seem that Uninitialized data is signified by A rather than B

The last paragraph of section 5.1.1 reads as follows:

"Like several other C++ functions, strcpy( ) is inherently weak, in that it will write the extra characters past the variable end. This usually results in a program crash. In this particular case, the crash was an error in reading past the end of the statically allocated string. In a worst-case scenario, such an overflow might allow you to execute arbitrary code on the target system, as discussed later in this chapter."

The last sentence is correct. The rest ranges between minor and major technical inaccuracies.

First, the minor inaccuracy. strcpy() is a C function. Learn the difference between C and C++, don't just blurt C++ because you think it's a superset of C (it's not; not all C code compiles to C++). Consider as well that pointing out C functions, even in C++ code bodies, allows the reader to know that the C language is affected; obviously a template can only impact C++, but strcpy() impacts C and C++.

Next, the major one. The error here was NOT an error in reading past the end of a statically allocated string. Think what little sense that makes anyway; you could write to it, why not read? More importantly, wouldn't whatever caught the read also have caught the write, and thus the overflow? Knowledge of the stack and x86 C and C++ compilers should tell you that the buffer is in the stack frame anyway, and the whole stack is read/write. Again, you didn't write past the end of the stack, as that would take a lot of data and also would trigger a write error.

The reason memory could not be "read" is that read implies execute on x86. What happened here, as you may notice because the instruction apparently referenced its own address, is that the area of memory returned to was not mapped. The overflow overwrote the return address on the stack; upon RET, the program happily jumped elsewhere-- in this case, into nothing.

ctime records when the properties of a file was changed. mtime records when a file
was changed. For example, if you change a permission of a file, ctime changes.

pg 261
"RIX" should be "AIX"

pg 273
"www.openbsd.com" would more appropriately be "www.openbsd.org"

pg 274
"X Windows does function..." should be "does not function..."

As long as ~/.ssh2(or ~/.ssh) directory is owned by a user, the user can remove the
file "authorization"(or "authorized_keys"). So although the user can not modify the
file, he can remove the file and create a new file with the same name. It doesn't
work for a skilled user.

/etc/ftpusers is used for listing users who are "not" allowed logins via FTP.