From owner-freebsd-security  Sun Aug 16 19:01:12 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id TAA23125
          for freebsd-security-outgoing; Sun, 16 Aug 1998 19:01:12 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mercury.webnology.com (mercury.webnology.com [209.155.51.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA23120
          for <security@FreeBSD.ORG>; Sun, 16 Aug 1998 19:01:10 -0700 (PDT)
          (envelope-from jooji@webnology.com)
Received: from localhost (jooji@localhost)
	by mercury.webnology.com (8.9.0/8.8.7) with SMTP id UAA30600;
	Sun, 16 Aug 1998 20:59:59 -0500
Date: Sun, 16 Aug 1998 20:59:59 -0500 (CDT)
From: "Jasper O'Malley" <jooji@webnology.com>
To: Michael Richards <026809r@dragon.acadiau.ca>
cc: security@FreeBSD.ORG
Subject: Re: Why don't winblows program have buffer overruns?
In-Reply-To: <199808162301.UAA09103@dragon.acadiau.ca>
Message-ID: <Pine.LNX.4.02.9808162048130.30290-100000@mercury.webnology.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 16 Aug 1998, Michael Richards wrote:

> One thing that I have always wondered is:
> Why aren't there buffer overruns for winblows that overrun the stack and
> execute nasty code?

Because nobody bothers to write them, and because the source code for most
Winblows programs isn't published, so crackers can't readily peruse it for
unchecked strcpy() calls. They have been written, and they're on the rise.
See DilDog's "The Tao of the Windows Buffer Overflow" at:

http://www.newhackcity.net/win_buff_overflow/index.html

Most of the "invalid page faults" you see with Winblows are due to buffer
overflows (or crummy bit-flipping RAM). All a cracker has to do is find
a replicable overflow and exploit it.

> Is there something different about the way those programs execute, and if
> so, other than the suid ability, what advantages does the BSD way of doing
> things have?

Everyone's root on Winblows :)

Cheers,
Mick

The Reverend Jasper P. O'Malley          dotdot:jooji@webnology.com
    Systems Administrator                  ringring:asktheadmiral
	Webnology, LLC               woowoo:http://www.webnology.com/~jooji


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message