A.Both buffer-overflow and string vulnerabilities can lead to the modification of the return address field, but the ways how the field is modified are different in these two attacks. Please describe their difference, and comment on which one is less restricted.
B. Since printf() does not require any privilege, we can temporarily disable the program’s privilege before we execute this statement; this way, even if the format-string vulnerability is exploited, attackers will not be able to gain much privilege. Please comment on this idea