From owner-freebsd-security  Sun Aug 16 16:01:47 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA03928
          for freebsd-security-outgoing; Sun, 16 Aug 1998 16:01:47 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from relay.acadiau.ca (relay.acadiau.ca [131.162.2.90])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA03923
          for <security@freebsd.org>; Sun, 16 Aug 1998 16:01:46 -0700 (PDT)
          (envelope-from 026809r@dragon.acadiau.ca)
Received: from dragon.acadiau.ca (dragon [131.162.1.79])
	by relay.acadiau.ca (8.8.5/8.8.5) with SMTP id UAA06274
	for <security@freebsd.org>; Sun, 16 Aug 1998 20:01:13 -0300 (ADT)
Received: by dragon.acadiau.ca 
	id UAA09103; Sun, 16 Aug 1998 20:01:12 -0300
From: 026809r@dragon.acadiau.ca (Michael Richards)
Message-Id: <199808162301.UAA09103@dragon.acadiau.ca>
Subject: Why don't winblows program have buffer overruns?
To: security@FreeBSD.ORG
Date: Sun, 16 Aug 1998 20:01:11 -0300 (ADT)
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi!
I have been following the buffer overrun discussions for quite some time.
One thing that I have always wondered is:
Why aren't there buffer overruns for winblows that overrun the stack and
execute nasty code? I realise that there is no way to get a shell, but being
able to exec "format" is still a useful thing for a cracker to do on a
windows box.

Is there something different about the way those programs execute, and if
so, other than the suid ability, what advantages does the BSD way of doing
things have?

-Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message