From owner-freebsd-security Sun Aug 16 16:01:47 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA03928 for freebsd-security-outgoing; Sun, 16 Aug 1998 16:01:47 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from relay.acadiau.ca (relay.acadiau.ca [131.162.2.90]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA03923 for ; Sun, 16 Aug 1998 16:01:46 -0700 (PDT) (envelope-from 026809r@dragon.acadiau.ca) Received: from dragon.acadiau.ca (dragon [131.162.1.79]) by relay.acadiau.ca (8.8.5/8.8.5) with SMTP id UAA06274 for ; Sun, 16 Aug 1998 20:01:13 -0300 (ADT) Received: by dragon.acadiau.ca id UAA09103; Sun, 16 Aug 1998 20:01:12 -0300 From: 026809r@dragon.acadiau.ca (Michael Richards) Message-Id: <199808162301.UAA09103@dragon.acadiau.ca> Subject: Why don't winblows program have buffer overruns? To: security@FreeBSD.ORG Date: Sun, 16 Aug 1998 20:01:11 -0300 (ADT) X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi! I have been following the buffer overrun discussions for quite some time. One thing that I have always wondered is: Why aren't there buffer overruns for winblows that overrun the stack and execute nasty code? I realise that there is no way to get a shell, but being able to exec "format" is still a useful thing for a cracker to do on a windows box. Is there something different about the way those programs execute, and if so, other than the suid ability, what advantages does the BSD way of doing things have? -Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message