views: 285
answers: 3

I'm trying to figure out the security concerns around buffer overflows in Windows vs. Unix.

As I understand it, the buffer overflow Windows hack cannot be implemented in Unix because each process is given its own memory space. Does this mean that processes in Windows share memory space?

+1  A: 

Both Windows and Unix processes have memory isolation. Buffer overflow attacks can occur in both environments.

Todd Stout
Ah, I didn't realize that. Thanks!
Goose Bumper
+2  A: 

Shared memory space is not the reason for most buffer overflow exploits. Windows hasn't had a shared memory space since Win 3.0 (or Win 3.1 running on an 80286), so it's been a long time, almost 20 years, since Windows last shipped with a shared memory model.

A buffer overflow allows the attacker to change memory in the process which is being exploited. By doing that, the attacker is aiming to execute a system operation (for example start a process, or load a dynamic library, or change a certain user's rights, etc.) using the target process's privilege level.

This is possible on Win* platforms, *nix platforms, and many others. How the OS and the application being exploited deal with this attempt is what makes the difference. On the application side, careful buffer size checking is what it usually takes to avoid this. Technologies like ASLR (address space layout randomization, which prevents the attacker from guessing the address of a function she needs to call to do harm) and DEP (data execution prevention, which prevents the attacker from injecting executable code into your data areas), provided by the OS, help tremendously. On the OS side, not running applications as root/administrator is perhaps the most important line of defense.

Rom
+1  A: 

Maybe you should clarify what you mean by "buffer overflow Windows hack". Buffer overflows do not necessarily need to modify the code of other processes.

Example: reading from cin into a fixed-size byte array can be used to run custom code. If the program itself runs as root, neither Unix nor Windows can do anything to prevent the hack - memory isolation won't help at all.

As Todd pointed out, Windows and Unix are both capable of memory isolation (which is very basic stuff compared to DEP or ASLR).

Marcel J.
To be fair, the OS simply cannot do process isolation and DEP unless the underlying machine supports it. IBM-PCs couldn't do either, and DEP has been possible only recently. Full ASLR takes its toll in terms of performance, which is why many OSes do it lazily. IIRC Macs were lagging far behind in ASLR until Snow Leopard.
jbcreix
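The two application-side points made in this thread, Rom's "careful buffer size checking" and Marcel's "read from cin into a fixed-size byte array", in one added example (this is not code from the thread or from any of its posters). The stack frame is modelled as a plain byte array, with a 16-byte local buffer followed by an 8-byte slot standing in for the saved return address; that layout, the buffer size and the addresses 0x401000 and 0xdeadbeef are assumptions chosen for illustration. Modelling the frame as one array keeps the overwrite within defined C++ behaviour while showing the same effect a real overflow has: an unchecked copy of attacker-supplied bytes replaces the return address, a length check refuses the input, and `std::setw` (or `std::string`) bounds the stream extraction.

```cpp
// Added example, not from the original thread. Frame layout, sizes and
// addresses below are assumptions made for illustration only.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iomanip>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

namespace bof {

// Assumed layout: a 16-byte local buffer, then an 8-byte saved return address.
// Real frames differ in detail, but "buffer below return address" is the
// classic stack-overflow target.
constexpr std::size_t kBufSize = 16;
constexpr std::size_t kRetSize = 8;

struct Frame {
    unsigned char bytes[kBufSize + kRetSize];

    Frame() {
        std::memset(bytes, 0, sizeof bytes);
        set_return(0x401000ULL);  // pretend we were called from this address
    }
    // Store the return address little-endian in the slot after the buffer.
    void set_return(std::uint64_t addr) {
        for (std::size_t i = 0; i < kRetSize; ++i)
            bytes[kBufSize + i] = static_cast<unsigned char>(addr >> (8 * i));
    }
    // Read the slot back as an integer so tests can see whether it changed.
    std::uint64_t saved_return() const {
        std::uint64_t v = 0;
        for (std::size_t i = 0; i < kRetSize; ++i)
            v |= static_cast<std::uint64_t>(bytes[kBufSize + i]) << (8 * i);
        return v;
    }
};

// Attacker side: fill the buffer, then place the address we want the
// function to "return" to exactly where the saved return address lives.
std::vector<unsigned char> make_payload(std::uint64_t fake_ret) {
    std::vector<unsigned char> p(kBufSize, 'A');
    for (std::size_t i = 0; i < kRetSize; ++i)
        p.push_back(static_cast<unsigned char>(fake_ret >> (8 * i)));
    return p;
}

// Vulnerable: trusts the caller-supplied length. Anything past byte 16 of
// the input lands on the saved return address.
void vulnerable_copy(Frame& f, const unsigned char* src, std::size_t len) {
    std::memcpy(f.bytes, src, len);   // no comparison against kBufSize
}

// Hardened: the check Rom describes. Oversized input is rejected outright,
// so the return address slot is never written.
bool bounded_copy(Frame& f, const unsigned char* src, std::size_t len) {
    if (len > kBufSize) return false;
    std::memcpy(f.bytes, src, len);
    return true;
}

// Marcel's case: `in >> buf` with `char buf[N]` had no width limit before
// C++20. std::setw(N) makes the extraction stop after N-1 characters, leaving
// the rest of the token in the stream instead of past the end of the array.
std::string read_with_setw(std::istream& in) {
    char buf[kBufSize];
    in >> std::setw(sizeof buf) >> buf;   // at most 15 chars plus the NUL
    return std::string(buf);
}

// The other fix: no fixed-size array at all; std::string grows as needed.
std::string read_into_string(std::istream& in) {
    std::string s;
    in >> s;
    return s;
}

}  // namespace bof

int main() {
    bof::Frame f;
    std::vector<unsigned char> p = bof::make_payload(0xdeadbeefULL);
    bof::vulnerable_copy(f, p.data(), p.size());
    std::cout << std::hex << "after unchecked copy, return address = 0x"
              << f.saved_return() << '\n';

    bof::Frame g;
    std::cout << "bounded copy accepted oversized input? "
              << bof::bounded_copy(g, p.data(), p.size())
              << ", return address = 0x" << g.saved_return() << '\n';

    std::istringstream in(std::string(40, 'A'));
    std::cout << std::dec << "setw read took " << bof::read_with_setw(in).size()
              << " chars, string read took " << bof::read_into_string(in).size()
              << '\n';
    return 0;
}
```

The frame is a single array precisely so that the demonstration does not itself rely on undefined behaviour: in a real program the overwrite of an adjacent stack slot is exactly that, and compilers, stack canaries and ASAN may turn it into a crash rather than a controlled jump, which is the OS/compiler side of the defence the answers describe.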