The Daily Static
  The Daily Static
UF Archives
Register
UF Membership
Ad Free Site
Postcards
Community
Geekfinder
UFie Gear
Advertise on UF
Forum Rules
& FAQ

Username

Password


Create a New Account

  
 

Back to UserFriendly Strip Comments Index
Question about buffer overflows in MS vs *nix by romandas2004-12-14 06:14:02
  He's full of *moderated* by TrogL 2004-12-14 07:28:39
You can do buffer overruns in any operating system.

The main differences between coding for MS$ and unixen is that MS$ is written to look pretty on the screen and make people go "ooh" and unix is written to actually do meaningful work.

Solaris may be slightly better than other unixen because Sun hired expensive smart people to write the OS. Linux is up there (there's a /. article about this) because a lot of smart people (some them the same people as above) have been bashing away (pun intended) at it for years. In contrast, Digital didn't hire smart people (geez, I had to tell THEM how to make the thing work) and their product suffered. Sun is now trying to get the best of both worlds by opening their source.

AFAIK buffer overruns are caused by running past the end of an array. A typical example is an unterminated string. Start corrupting random bits of memory and a program quickly becomes unstable and perhaps exploitable if you can figure out how. If such program is running from root or suid, you can compromise the system.

The main advantage to unixen (as pointed out by others) is that most programs are run by users with less than root privelege. On windows, for ease of use (eg. installing software) users tend to make themselves Administrators. So much for security.
[ Reply ]
    The whole point of by Didactylos2004-12-14 07:35:08

 

[Todays Cartoon Discussion] [News Index]

Come get yer ARS (Account Registration System) Source Code here!
All images, characters, content and text are copyrighted and trademarks of J.D. Frazer except where other ownership applies. Don't do bad things, we have lawyers.
UserFriendly.Org and its operators are not liable for comments or content posted by its visitors, and will cheerfully assist the lawful authorities in hunting down script-kiddies, spammers and other net scum. And if you're really bad, we'll call your mom. (We're not kidding, we've done it before.)