Posts: 6,485
Threads: 176
Joined: Jan 2012
Thanks: 131
Given 1075 thank(s) in 852 post(s)
Tell me, Linux enthisiasts, how does this reflect the "Linux is safer" mantra that I hear oh so often? How could Linux be so safe if the default configuration allows programs to execute data, and thus is very prone to buffer over-/underflow attack vectors?
On Windows, the original code doesn't work simply because the "code" for main is stored within the data segment, which is non-executable by default, thus making it safe. Why doesn't this happen on Linux, too?
Posts: 204
Threads: 6
Joined: Oct 2015
Thanks: 23
Given 17 thank(s) in 16 post(s)
02-10-2016, 12:54 AM
(This post was last modified: 02-10-2016, 12:56 AM by Schwertspize.)
Btw, there are many exploits on Windows in order to get root access which won't get fixed because "it's would require too many changes".
Edit: they are called privilege escalation
And with a bit of spearfishing you could easily 1. Grab admin access, 2. Simulate a problem to get the real admin to login there, 3. "pass the hash" to use single sign on to take over the domain admin
Posts: 1,162
Threads: 68
Joined: Mar 2013
Thanks: 245
Given 125 thank(s) in 100 post(s)
02-11-2016, 06:32 AM
(This post was last modified: 02-11-2016, 06:34 AM by tonibm19.)
Why is an infinite loop so evil?
EDIT: i think i got it, ¿execute any code / root access?
Posts: 953
Threads: 16
Joined: May 2013
Thanks: 67
Given 106 thank(s) in 90 post(s)
How is it possible that operating systems incite so much emotion. Its not like anybody even knows exactly how safe a piece of software is, and so people just end up asserting unfounded statements.
Posts: 223
Threads: 40
Joined: Aug 2015
Thanks: 22
Given 21 thank(s) in 18 post(s)
02-11-2016, 08:09 AM
(This post was last modified: 02-11-2016, 08:12 AM by DrMasik.)
Any OS system has scope of usage. Such MS Windows - fast install and start project with support and free staff. Unix-like - much more time to setup and less staff to support.
Security paradigm for Windows system is "What is not forbidden - is allowed". It is not good choose for enterprise projects.
Security paradigma of Unix-like is "What is not allowed - is forbidden".
But more and more Linux systems begin to use paradigma of MS.
I'm using MS and Linux OS. When I can use FreeBSD - I'm do it. Whe I can use Linux-like - I'm use Red Hat. In other case - I'm use Windows.
No point in arguing what OS is better. And it's the first sign of not knowing the area of OS applications.
Any OS has exploits and "bugs" it is software created by people.
Posts: 6,485
Threads: 176
Joined: Jan 2012
Thanks: 131
Given 1075 thank(s) in 852 post(s)
I'm just wondering why Linux doesn't default to the more secure "don't execute data unless explicitly allowed". This somewhat negates what you've said - Windows doesn't execute data unless explicitly allowed, while Linux is happy to execute data by default. And I hope we can agree that executing data is a bad idea most of the time.
Posts: 6,485
Threads: 176
Joined: Jan 2012
Thanks: 131
Given 1075 thank(s) in 852 post(s)
I don't think this is about the kernel, it's about the compiler not outputting correct segment flags for the data segment.