Errata:

• After "So as we can see there is not much to the execve() system call. All we need to do is:", the steps are typo'ed. It should go:
  3. Copy 0xb into the EAX register
  4. Copy the address of "/bin/sh" into the EBX register
  5. Copy the address of the address of "/bin/sh" into the ECX register
• The same issue exists in the following list (the one following "Our list of steps is now")
• When considering the arguments to execve(), the paper is not consistent about what goes in %edx. In the original disassembly, the 0 word is moved into %edx (and where it says "Copy the address of the null pointer into %edx" is a typo). In the shellcode, %edx gets the address of a memory word that contains 0. (And to be clear, %edx and EDX refer to the same thing in the paper.)