Date: Sun, 16 Aug 1998 19:53:31 -0500 (EST) From: Alfred Perlstein <bright@www.hotjobs.com> To: Michael Richards <026809r@dragon.acadiau.ca> Cc: security@FreeBSD.ORG Subject: Re: Why don't winblows program have buffer overruns? Message-ID: <Pine.BSF.3.96.980816195041.5053H-100000@bright.fx.genx.net> In-Reply-To: <199808162301.UAA09103@dragon.acadiau.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
yes it's quite possible, but noone really cares to code exploits for windows programs. there could be use for an exploited windows box, but urm... as you call it winblows, why would you want to? there was an overflow in WARftpD, the authors wrote something like: "we could have continued this hack, but we're unix coders and could care less about having access to a windows box, DoS is enough" (that is horribly paraphrased, but was the gist of it) Alfred Perlstein - Programmer, HotJobs Inc. - www.hotjobs.com -- There are operating systems, and then there's BSD. -- http://www.freebsd.org/ On Sun, 16 Aug 1998, Michael Richards wrote: > Hi! > I have been following the buffer overrun discussions for quite some time. > One thing that I have always wondered is: > Why aren't there buffer overruns for winblows that overrun the stack and > execute nasty code? I realise that there is no way to get a shell, but being > able to exec "format" is still a useful thing for a cracker to do on a > windows box. > > Is there something different about the way those programs execute, and if > so, other than the suid ability, what advantages does the BSD way of doing > things have? > > -Mike > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980816195041.5053H-100000>