Im learning a thing or two about buffer overflows, and a tutorial I'm reading has the following piece of code:
Most of it is perfectly clear, it loads the shellcode into an environment variable, but what I am confused about is line  and . setenv copies the shellcode, etc. to the environment variable, so what is the point of thise 2 lines?
#define NOP 0x90
char shellcode =
puts('Eggshell loaded into environment.');
setenv('EGG', shell, 1);
putenv(shell); // 
system('bash'); // 
The tutorial also gives a second piece of code (to retrieve the memory address of the environment variable).
This is strange to me (and it doesnt work, I think it gives a segmentation fault), basically it gets the VALUE of the environment variable, so how on earth is it supposed to get its address?
Any help would be appreciated.