LinuxQuestions.org
LinuxQuestions.org > Forums > Linux Forums > Linux - Security
#1  nadroj (Senior Member; Registered: Jan 2005; Location: Canada; Distribution: ubuntu)  03-20-2005, 06:12 PM
overflows and hax: how does it work?


heya... I think this would be the best spot to post this, so here I am.

OK:
My question is about hackers/hacking and buffer overflows.
How does this work? A lot of security notices I have seen (regardless of system/OS) are related to buffer/integer overflows, and they say that it can lead to remote execution of arbitrary code, usually.
So for example... in some C program, say it's a simple console app and it is asking for input of a name. The program internally has a string (character array) with a max length of 10 characters. If I enter an 11-character name, this can somehow be accomplished? (I know that's a very simple example.) Or in what scenarios?
How is the remote code executed and where is it stored? Is the code some command-line statement? Or is the code a call to some function in the source code file it resides in, with the supplied parameters?
Just in general... I have been wondering how this works. If someone could share their knowledge on this, or point me to a good link about it (not one intended for someone with a PhD, however), that would be appreciated.

NOTE:
This post is strictly for informational purposes... I do _not_ intend to go 'leet haxor' into someone's computer with any knowledge I gain from this. In fact, it could only benefit me for future programming too (writing safer code). If this post is inappropriate on this site, I understand and apologize.

BTW...
I would say I'm still very new to Linux (I guess it isn't really a Linux-directed question though), and I use Ubuntu whenever I have spare time to fool around and break stuff; all other times I run XP Pro. I am just finishing 2nd year of college for computer programming, so I do have knowledge in programming.

Last edited by nadroj; 03-20-2005 at 06:50 PM.
 
#2  Capt_Caveman (Senior Member; Registered: Mar 2003; Distribution: Fedora)  03-20-2005, 10:06 PM
When a program is executed it's allocated an array in memory called a stack. As the code is executed by the processor, things like variables and pointers are temporarily stored in the stack. Each time a new set of instructions is pushed onto the stack, a pointer to the memory location of where the program is currently being executed is loaded onto the stack as well; that way the system knows where to return to once it is done executing the current set of instructions and can get new ones. This is important, because if you "overflow" a buffer (assign it a value too large for the buffer size you've declared/allocated) then you can fill the buffer that the program was expecting and overwrite other values in the stack (just like you can do with any other array). Normally this just results in a segmentation fault that you've probably caused 1000 times already in your programming classes without realizing what's actually happening. The trick is to then overwrite the address in the return pointer with an address that you already know contains the memory position of the arbitrary code you want to execute. There are shortcuts such as using the NOP instruction or using a debugger to identify memory addresses.

So from a programmer's perspective you can avoid this by checking the size of values you plan to assign to variables (especially anything that is user supplied). Usually this concept isn't really introduced until more advanced programming classes, and unfortunately they often let novice programmers use dangerous functions like strcpy and scanf. That's a very brief and cursory description, and this forum isn't really the place for a more detailed description.

For more info go read "Smashing the Stack for Fun and Profit" at phrack or go buy the book "Hacking: The Art of Exploitation" and above all remember to only use your powers for good.

Last edited by Capt_Caveman; 03-20-2005 at 10:09 PM.
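The programming point of the reply above (check the size of user-supplied data before it goes into a fixed buffer, and avoid unbounded functions like strcpy), shown on the 10-character name field from the question. This is an added example written for this thread, not code from either poster; the function names and the NAME_MAX constant are made up for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define NAME_MAX 10   /* the 10-character name field from the question */

/* The pattern the reply warns about: strcpy() copies until it finds the
 * terminating NUL and never looks at the destination size. An 11+ character
 * name writes past 'name' into whatever the compiler placed next to it on
 * the stack (other locals, saved registers, the return address). Kept here
 * only for contrast; it is never called below. */
void greet_unsafe(const char *input)
{
    char name[NAME_MAX + 1];
    strcpy(name, input);              /* no bound check */
    printf("hello %s\n", name);
}

/* Hardened form: measure the input against the destination first, refuse
 * anything that does not fit (including the NUL), then copy with an
 * explicit bound. Returns false when the input was rejected so the caller
 * can report it instead of silently continuing. */
bool copy_name_safe(const char *input, char *out, size_t out_size)
{
    size_t len = 0;
    /* stop scanning at out_size so an unterminated input is also harmless */
    while (len < out_size && input[len] != '\0')
        len++;
    if (len >= out_size)
        return false;                 /* too long (or not NUL-terminated) */
    memcpy(out, input, len);
    out[len] = '\0';
    return true;
}

int main(void)
{
    /* constructed inputs: one that fits, one exactly at the limit, one over */
    const char *samples[] = { "nadroj", "abcdefghij", "abcdefghijk" };
    char name[NAME_MAX + 1];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (copy_name_safe(samples[i], name, sizeof name))
            printf("accepted: %s\n", name);
        else
            printf("rejected: input longer than %d characters\n", NAME_MAX);
    }
    return 0;
}
```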
 
#3  nadroj (Original Poster)  03-20-2005, 11:09 PM
Alright caveman... thank you for the insight.

I'll look into that first resource you mentioned, and hopefully others. I remember talking about the stack... there's the stack and the heap in RAM, eh?
 
#4  Capt_Caveman  03-20-2005, 11:27 PM
Yeah there are two types of overflows like I mentioned, stack and heap overflows (there's actually a third called bss overflows that I'm not that familiar with). They both function in a similar manner except stacks and heaps "grow" in different directions. So when the stack is overflowed, the data you push onto the stack overwrites values moving towards the position of the return pointer. With a heap-based overflow you are moving away from them, so what you are usually overwriting is some other variable in the actual executing code (say for example UID number or something).

Last edited by Capt_Caveman; 03-20-2005 at 11:29 PM.