From owner-freebsd-security Sun Aug 16 21:35:13 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA12650 for freebsd-security-outgoing; Sun, 16 Aug 1998 21:35:13 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from brooklyn.slack.net (brooklyn.slack.net [206.41.21.102]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA12641 for ; Sun, 16 Aug 1998 21:35:11 -0700 (PDT) (envelope-from andrewr@brooklyn.slack.net) Received: from localhost (andrewr@localhost) by brooklyn.slack.net (8.8.7/8.8.7) with SMTP id AAA15955; Mon, 17 Aug 1998 00:16:06 -0400 (EDT) Date: Mon, 17 Aug 1998 00:16:06 -0400 (EDT) From: andrewr To: Michael Richards <026809r@dragon.acadiau.ca> cc: security@FreeBSD.ORG Subject: Re: Why don't winblows program have buffer overruns? In-Reply-To: <199808162301.UAA09103@dragon.acadiau.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I believe there have been posts on bugtraq, specifically from people at the l0pht. So, just do a search from their archives at either geek-girls.com or at netspace.org. So, check it. Andrew On Sun, 16 Aug 1998, Michael Richards wrote: > Hi! > I have been following the buffer overrun discussions for quite some time. > One thing that I have always wondered is: > Why aren't there buffer overruns for winblows that overrun the stack and > execute nasty code? I realise that there is no way to get a shell, but being > able to exec "format" is still a useful thing for a cracker to do on a > windows box. > > Is there something different about the way those programs execute, and if > so, other than the suid ability, what advantages does the BSD way of doing > things have? > > -Mike > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message