From owner-freebsd-security  Sun Aug 16 16:55:42 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA08861
          for freebsd-security-outgoing; Sun, 16 Aug 1998 16:55:42 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from bright.fx.genx.net (bright.fx.genx.net [206.64.4.154])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA08856
          for <security@FreeBSD.ORG>; Sun, 16 Aug 1998 16:55:41 -0700 (PDT)
          (envelope-from bright@www.hotjobs.com)
Received: from localhost (bright@localhost)
	by bright.fx.genx.net (8.9.1/8.8.8) with SMTP id TAA08799;
	Sun, 16 Aug 1998 19:53:32 -0500 (EST)
	(envelope-from bright@hotjobs.com)
X-Authentication-Warning: bright.fx.genx.net: bright owned process doing -bs
Date: Sun, 16 Aug 1998 19:53:31 -0500 (EST)
From: Alfred Perlstein <bright@www.hotjobs.com>
X-Sender: bright@bright.fx.genx.net
To: Michael Richards <026809r@dragon.acadiau.ca>
cc: security@FreeBSD.ORG
Subject: Re: Why don't winblows program have buffer overruns?
In-Reply-To: <199808162301.UAA09103@dragon.acadiau.ca>
Message-ID: <Pine.BSF.3.96.980816195041.5053H-100000@bright.fx.genx.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

yes it's quite possible, but noone really cares to code exploits for
windows programs.  there could be use for an exploited windows box, but
urm... as you call it winblows, why would you want to?

there was an overflow in WARftpD, the authors wrote something like:
"we could have continued this hack, but we're unix coders and could care
less about having access to a windows box, DoS is enough"

(that is horribly paraphrased, but was the gist of it)

Alfred Perlstein - Programmer, HotJobs Inc. - www.hotjobs.com
-- There are operating systems, and then there's BSD.
-- http://www.freebsd.org/

On Sun, 16 Aug 1998, Michael Richards wrote:

> Hi!
> I have been following the buffer overrun discussions for quite some time.
> One thing that I have always wondered is:
> Why aren't there buffer overruns for winblows that overrun the stack and
> execute nasty code? I realise that there is no way to get a shell, but being
> able to exec "format" is still a useful thing for a cracker to do on a
> windows box.
> 
> Is there something different about the way those programs execute, and if
> so, other than the suid ability, what advantages does the BSD way of doing
> things have?
> 
> -Mike
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message