From owner-freebsd-security  Mon Aug 17 02:16:27 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA11645
          for freebsd-security-outgoing; Mon, 17 Aug 1998 02:16:27 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from aniwa.sky (aniwa.actrix.gen.nz [203.96.56.186])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA11640
          for <security@FreeBSD.ORG>; Mon, 17 Aug 1998 02:16:22 -0700 (PDT)
          (envelope-from andrew@squiz.co.nz)
Received: from localhost (andrew@localhost)
	by aniwa.sky (8.8.7/8.8.7) with SMTP id VAA01212;
	Mon, 17 Aug 1998 21:10:53 +1200 (NZST)
	(envelope-from andrew@squiz.co.nz)
Date: Mon, 17 Aug 1998 21:10:52 +1200 (NZST)
From: Andrew McNaughton <andrew@squiz.co.nz>
X-Sender: andrew@aniwa.sky
Reply-To: andrew@squiz.co.nz
To: Michael Richards <026809r@dragon.acadiau.ca>
cc: security@FreeBSD.ORG
Subject: Re: Why don't winblows program have buffer overruns?
In-Reply-To: <199808162301.UAA09103@dragon.acadiau.ca>
Message-ID: <Pine.BSF.3.96.980817210429.344B-100000@aniwa.sky>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 16 Aug 1998, Michael Richards wrote:

> Why aren't there buffer overruns for winblows that overrun the stack and
> execute nasty code? I realise that there is no way to get a shell, but being
> able to exec "format" is still a useful thing for a cracker to do on a
> windows box.

Thinking a bit more about this, I suppose it says something about hackers
being motivated more by kudos than profit.  While there isn't much
publicity to be had in hitting someone's desktop machine, those machines
probably account for most storage of sensitive data.

Andrew


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message