Comment by trollbridge
1 day ago
Making a strcpy honeypot doesn’t sound like a bad idea…
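    #include <stdlib.h>
    #include <string.h>

    void nobody_calls_me(const char *stuff) {
        char *a, *b;
        const size_t c = 1024;
        /* calloc takes (count, size); the buffer starts zero-filled */
        a = calloc(c, 1);
        if (!a) return;
        b = malloc(c);
        if (!b) {
            free(a);
            return;
        }
        /* copies at most c - 1 bytes, so a[c - 1] stays NUL */
        strncpy(a, stuff, c - 1);
        /* a is NUL-terminated within c bytes, so both strcpy calls stay in bounds */
        strcpy(b, a);
        strcpy(a, b);
        free(a);
        free(b);
    }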
Some clever obfuscation would make this even more effective.
That got those Core SDI abo vibes.
Flashback of writing exploits for these back in high school.
In an interesting way, this is an attempt to exploit LLMs into revealing themselves.