Question

I have an application that explains stack buffer overflow. I would like to provoke a Return-to-libc attack.

Buffer overflow is based on:

#include <string.h>

int main(int argc, char **argv)
{
    /* [...] */
    char buff[16];           /* fixed-size buffer on the stack */
    strcpy(buff, argv[1]);   /* no length check: overflows once argv[1] is longer than 15 bytes */
    /* [...] */
}

When I call this application directly from the shell, I get the expected error - the stack is corrupted:

[syssec@syssecvm bufov1]$ ./vulnapp hhgfhdsgfsagfzutuewzrqwgfshgafsd
Segmentation fault

But when I try to prepare the argument in another app (executor.c) and call vulnapp via a system() call, nothing happens. vulnapp accepts an argument of any length:

./executor
You executed:./vulnapp 01234567890123450123BBBB�%�/bin/ged�������/
[syssec@syssecvm bufov1]$ 

There is no stack corruption in this case.

Why is it like this?

Is there any way to get the same effect (buffer overflow) in the case of a system() call?


Solution

There is stack corruption. The system() call exited with an error code, probably 139. Your application didn't notice that because it's a different process.
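To make the answer concrete, here is an added example (not the question's executor.c and not code from the original post) showing how the parent process can observe the child's crash. system() runs the command through /bin/sh and returns a wait status word; the parent only sees the crash if it decodes that word. The example handles both ways a segfaulting child shows up: the shell exec'd the command directly, so the status says "killed by signal 11", or the shell forked it and reported the death as exit code 128+11 = 139. The command string and the long argument in main() are constructed placeholders.

```c
/* Added example: decoding the status that system() returns so the caller
 * notices when the command it launched crashed with SIGSEGV. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

/* Classification of the raw status word returned by system()/waitpid(). */
enum child_outcome { OUTCOME_ERROR, OUTCOME_EXITED, OUTCOME_SIGNALED };

/* Decode the status word. *code receives the exit code or the signal number.
 * A shell whose child was killed by signal N usually exits with 128+N, so a
 * segfault appears either as "signaled 11" or as "exited 139". */
enum child_outcome decode_status(int status, int *code)
{
    if (status == -1) {              /* system() could not start the shell */
        *code = 0;
        return OUTCOME_ERROR;
    }
    if (WIFSIGNALED(status)) {
        *code = WTERMSIG(status);
        return OUTCOME_SIGNALED;
    }
    *code = WEXITSTATUS(status);
    return OUTCOME_EXITED;
}

/* Convenience wrapper: just the exit code or signal number. */
int status_code(int status)
{
    int code;
    decode_status(status, &code);
    return code;
}

/* True when the status means the launched command died of SIGSEGV,
 * whether the shell exec'd it directly or forked it and reported 128+11. */
int child_segfaulted(int status)
{
    int code;
    switch (decode_status(status, &code)) {
    case OUTCOME_SIGNALED: return code == SIGSEGV;
    case OUTCOME_EXITED:   return code == 128 + SIGSEGV;   /* 139 */
    default:               return 0;
    }
}

/* Run a command through system() and print the decoded result. */
int run_and_report(const char *cmd)
{
    int status = system(cmd);
    int code;
    printf("You executed: %s\n", cmd);
    switch (decode_status(status, &code)) {
    case OUTCOME_ERROR:
        printf("system() failed to start /bin/sh\n");
        break;
    case OUTCOME_SIGNALED:
        printf("child killed by signal %d\n", code);
        break;
    case OUTCOME_EXITED:
        printf("child exited with code %d%s\n", code,
               code == 128 + SIGSEGV ? " (shell reporting SIGSEGV in its child)" : "");
        break;
    }
    return status;
}

int main(void)
{
    /* Constructed placeholder for "./vulnapp <argument longer than 15 bytes>". */
    int status = run_and_report("./vulnapp AAAAAAAAAAAAAAAAAAAAAAAA");
    return child_segfaulted(status) ? 0 : 1;
}
```

The key point for the question: a plain `system(cmd)` discards this information unless the caller inspects the return value, which is why the executor saw "nothing happens" while the child had in fact crashed.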

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow