I want to understand how a vulnerable internet facing process on some computer is exploited to run arbitrary binary code.
I understand how buffer overflows could be used to overwrite the return address to make the process jump to a location it wasn't supposed to - but I don't know how it's possible for a process to execute arbitrary binary code that it receives from an attacker.
It seems like if an attacker sends binary code to a process it will never be put into the .text section so it will remain non-executable, even if 'return' jumps into it. Stack and heap overflows wouldn't write into the section where code is stored, so they will still have a no execute bit.
Edit: To be clearer the main part I don't understand is this:
- the .text section where binary assembled CPU instructions are stored cannot be modified
- the .data/.bss section is marked as no-execute so that the information there will only be treated as data, will never be executed by the CPU
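As an added example (not part of the question or of any answer), here is a small W^X audit in C that checks the memory model described above: it parses lines in the `/proc/<pid>/maps` format and counts regions that are both writable and executable, the condition the question's model says should never hold for data. The maps text is constructed for the example; on Linux the same functions can be run over the real `/proc/self/maps`.

```c
#include <stdio.h>
#include <string.h>
typedef struct {            /* one parsed entry of /proc/<pid>/maps */
    unsigned long start, end;
    int readable, writable, executable;
    char path[128];         /* "[stack]", a file path, or "" if anonymous */
} mapping_t;

/* Parse one maps line such as "55d1a2e00000-55d1a2e01000 r-xp 00001000 08:01 1234 /usr/bin/prog".
 * Returns 1 on success, 0 if the line is not a maps entry. */
int parse_maps_line(const char *line, mapping_t *m)
{
    char perms[5] = {0};
    m->path[0] = '\0';
    if (sscanf(line, "%lx-%lx %4s %*s %*s %*s %127s", &m->start, &m->end, perms, m->path) < 3)
        return 0;
    m->readable = perms[0] == 'r';
    m->writable = perms[1] == 'w';
    m->executable = perms[2] == 'x';
    return 1;
}

/* Permission bits of one line as r=4 w=2 x=1, or -1 if it does not parse. */
int perms_code(const char *line)
{
    mapping_t m;
    return parse_maps_line(line, &m) ? m.readable * 4 + m.writable * 2 + m.executable : -1;
}

/* Count mappings that are both writable and executable: each is a region where
 * bytes written as data could later run as code. With NX enforced, a normal process reports zero. */
int count_wx_mappings(const char *maps_text)
{
    int violations = 0;
    for (const char *p = maps_text; *p; ) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[256];
        snprintf(line, sizeof line, "%.*s", (int)len, p);   /* copy one line, NUL-terminated */
        int c = perms_code(line); violations += (c > 0 && (c & 3) == 3);
        p = nl ? nl + 1 : p + len;
    }
    return violations;
}

/* Constructed sample, not a real process: .text r-x, .data rw-, NX stack, one rwx region. */
const char *SAMPLE_MAPS =
    "55d1a2e00000-55d1a2e01000 r-xp 00001000 08:01 1234 /usr/bin/prog\n"
    "55d1a2e01000-55d1a2e02000 rw-p 00002000 08:01 1234 /usr/bin/prog\n"
    "7ffd3b400000-7ffd3b421000 rw-p 00000000 00:00 0 [stack]\n"
    "7f0c12000000-7f0c12010000 rwxp 00000000 00:00 0\n";
```

Only the fourth sample line (an anonymous `rwxp` region, the kind a JIT or an executable stack would create) is counted; the `.text`, `.data` and `[stack]` entries each lack either the write or the execute bit.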