5.4 Shellcode Detection

Attack
Buffer Overflow with shellcode 
Send shellcode to program parameters and envp 

Defense
Check Shellcode in envp and argc
Prevent shellcode in the parameter/env
Log:

LIDS: bash (dev 3:2 inode 80747) pid 21323 ppid 21318 uid/gid (500/500) on (ttyp
) : Found overlong parameters when exec /usr/X11R6/bin/xlock: length = 4095 
LIDS: bash (dev 3:2 inode 80747) pid 21323 ppid 21318 uid/gid (500/500) on (ttyp
) : Shellcode detected when exec /usr/X11R6/bin/xlock, program terminated!