Vulnerability Development mailing list archives

Stack-based buffer overflow exploitation techniques


From: Carlos Eduardo Santiviago <segfault () brturbo com>
Date: 12 Jan 2004 18:28:13 -0000



Hello,

Supposing this simple vuln code:

#include <string.h>

/* Deliberately vulnerable: argv[1] is copied into a 128-byte stack buffer
   with no length check, so a longer argument overwrites the saved ebp/eip. */
int main(int argc, char *argv[])
{
   char buf[128];

   strcpy(buf, argv[1]);
   return 0;
}

I am doing research on stack-based exploitation techniques and I know 4 ways to do it (to help me overwrite the saved
eip/ebp):

1. using nop sled (P49-14)
2. using environment variables (murat, netric.org)
3. using ptrace() (RaiSe's linuxconfig exploit)
4. returning-into-libc

The question is: is there any other way to exploit it?

thanks,
--
/sf
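For comparison, here is the posted program with the unchecked strcpy() replaced by a bounded copy that refuses oversized input instead of writing past buf[] into the saved ebp/eip. This is an added example, not code from the original post; bounded_copy() and handle_arg() are names chosen here.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 128

/* Copy src into dst (dstsz bytes) only if it fits together with its NUL
   terminator. Returns 0 on success, -1 if src would overflow dst; on
   failure nothing is written, so the stack frame stays intact. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstsz)
        return -1;                 /* no room for the terminator */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Same shape as the posted main(): returns 1 when the argument is rejected
   so a caller (or test) can observe the check, 0 when the copy succeeded. */
int handle_arg(const char *arg)
{
    char buf[BUF_SIZE];

    if (bounded_copy(buf, sizeof buf, arg) != 0) {
        fprintf(stderr, "argument too long (max %zu bytes)\n",
                sizeof buf - 1);
        return 1;
    }
    printf("copied %zu bytes\n", strlen(buf));
    return 0;
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s <string>\n", argv[0]);
        return 2;
    }
    return handle_arg(argv[1]);
}
```

Compiling with -fstack-protector adds a canary as a second line of defence, but the length check is what removes the overflow itself.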