Not all software vulnerabilities are exploitable. Vulnerabilities that are not exploitable only allow a denial of service condition upon being triggered. Exploitable vulnerabilities allow code execution when triggered.
There are two methods to achieve code execution in relation to buffer overflows:
1) RET overwrite = control the return address that is loaded into the instruction pointer
2) SEH (structured exception handler) overwrite = control the handler that will be executed when an exception occurs
To clarify:
While typical stack-based buffer overflows work by overwriting the return address in the stack, SEH overwrites work by overwriting the handler attribute of an exception registration record that has been stored on the stack. Unlike overwriting the return address, where control is gained immediately upon return from the function, an SEH overwrite does not actually gain code execution until after an exception has been generated. The exception is necessary in order to cause the exception dispatcher to call the overwritten handler.
Basically, SEH overwrites provide a second method to exploit a vulnerability in the event that a RET overwrite is unsuccessful or not exploitable. Obviously, more vectors being available to facilitate exploiting a vulnerability increases the number of vulnerabilities that are exploitable. SEH overwrites reduce the number of vulnerabilities that only produce a denial of service condition.
Mitigations have been developed to prevent SEH overwrites. These include SafeSEH and SEHOP. Methods are known that allow bypassing both mitigations. SafeSEH is bypassed if only one component of the program doesn't implement this mitigation; it is common that not all components implement SafeSEH. SEHOP is bypassed if ASLR is compromised via a memory disclosure vulnerability.
So, what does this have to do with the security benefits of a UNIX foundation?
UNIX and UNIX-like operating systems, such as Mac OS X and Linux, don't have structured exception handling. So SEH overwrites, as a vector that increases the number of exploitable vulnerabilities, don't exist in these operating systems. The signalling system used in these operating systems isn't liable to this type of manipulation.
SEH overwrites do provide a plausible explanation for more vulnerabilities being exploitable in Windows.
http://www.i-hacked.com/freefiles/EasyChat_SEH_exploit_v1.3.pdf
http://www.sysdream.com/sites/default/files/sehop_en.pdf
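The SafeSEH caveat above (a single component without the mitigation is enough) can be audited from the PE headers. The following is an added example, not part of the original text: it reads the `DllCharacteristics` flags and the load-configuration `SEHandlerTable`/`SEHandlerCount` fields of each 32-bit module and lists the ones whose handlers cannot be validated. The module names and the header-only sample images are constructed for the demonstration, and the check is a simplified reading of the headers, not the loader's full logic.

```python
import struct

DYNAMIC_BASE, NO_SEH = 0x0040, 0x0400        # IMAGE_DLLCHARACTERISTICS_* flags
I386, PE32 = 0x014C, 0x010B                  # COFF machine, optional-header magic

def seh_mitigations(image: bytes) -> dict:
    """SafeSEH / NO_SEH / ASLR opt-in of one 32-bit PE image."""
    pe = struct.unpack_from("<I", image, 0x3C)[0]                 # e_lfanew
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe + 4)
    opt = pe + 24
    if machine != I386 or struct.unpack_from("<H", image, opt)[0] != PE32:
        raise ValueError("SafeSEH applies to 32-bit x86 images only")
    flags = struct.unpack_from("<H", image, opt + 70)[0]          # DllCharacteristics
    lc_rva = struct.unpack_from("<I", image, opt + 96 + 10 * 8)[0]  # load-config directory
    table = count = 0
    for i in range(nsect):                                        # RVA -> file offset
        vsize, va, rsize, raw = struct.unpack_from("<IIII", image, opt + opt_size + 40 * i + 8)
        if lc_rva and va <= lc_rva < va + max(vsize, rsize):
            off = raw + lc_rva - va
            if struct.unpack_from("<I", image, off)[0] >= 72:     # struct has the SEH fields
                table, count = struct.unpack_from("<II", image, off + 64)
    return {"aslr": bool(flags & DYNAMIC_BASE), "no_seh": bool(flags & NO_SEH),
            "safeseh": bool(table and count)}

def unvalidated_modules(modules: dict) -> list:
    """Modules whose handlers the OS cannot validate; one is enough to weaken the process."""
    reports = {name: seh_mitigations(img) for name, img in modules.items()}
    return sorted(n for n, r in reports.items() if not (r["safeseh"] or r["no_seh"]))

def build_sample(flags: int, handlers: int) -> bytes:
    """Constructed header-only PE32 skeleton for the demo; not a loadable program."""
    img, opt = bytearray(0x400), 0x58
    img[:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)
    struct.pack_into("<HHIIIHH", img, 0x44, I386, 1, 0, 0, 0, 0xE0, 0x0102)
    struct.pack_into("<H", img, opt, PE32)
    struct.pack_into("<H", img, opt + 70, flags)
    struct.pack_into("<8sIIII", img, opt + 0xE0, b".rdata", 0x200, 0x1000, 0x200, 0x200)
    if handlers:
        struct.pack_into("<I", img, opt + 176, 0x1000)            # load-config RVA
        struct.pack_into("<I", img, 0x200, 72)                    # structure Size
        struct.pack_into("<II", img, 0x200 + 64, 0x401100, handlers)  # SEHandlerTable, Count
    return bytes(img)

SAMPLES = {"app.exe": build_sample(DYNAMIC_BASE, 3),              # hypothetical module names
           "plugin.dll": build_sample(0, 0),
           "res.dll": build_sample(DYNAMIC_BASE | NO_SEH, 0)}
```

Running `unvalidated_modules(SAMPLES)` flags only the module that carries neither a handler table nor the NO_SEH flag; in a release pipeline the same check would be fed the real bytes of every EXE and DLL shipped with the product.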