6

So apparently Hell has finally and completely frozen over: the next major update for Windows 10 will be able to natively run Bash, related tools, and even some broader set of Linux binaries/programs from the Ubuntu repositories.

From technical info released so far, the update this summer will add Linux subsystem components to Windows, on top of which will sit a special image from Canonical of Ubuntu user-mode components. The subsystem components translate Linux system calls to Windows system calls. (In essence, it's an emulator-like situation.) Bash, ssh, apt, and other components will run natively, but Canonical says so will "most of the tens of thousands of binary packages available in the Ubuntu archives". Including stuff like Apache and MySQL.

Okay, so that brings two closely-related questions to mind that I don't have the knowledge re. Linux development & software architecture to answer:

  1. Is it plausible that exploits designed to work on Linux/Ubuntu components & programs (e.g. Shellshock for Bash, if it already hadn't been discovered & patched) could work on Ubuntu on Windows to some degree?

  2. Is it plausible that some malware written to run on Ubuntu/similar Linux distros will now be able to run natively on Windows 10?

Note: I ask not so much really with existing exploits and malware in mind, but thinking more about whether Ubuntu on Windows will allow exploit creators & malware developers in the future to go "cross-platform" simply by targeting stuff to work on Ubuntu (Ubuntu user-mode territory, anyways).

mostlyinformed

1 Answer

7

It depends. From the information released so far it looks like the implementation is done using some kind of OS personality, similar to what Linux can do with Windows binaries (Wine) or SCO UNIX binaries. This would mean that logic attacks or buffer overflows at the application level (i.e. Shellshock, Heartbleed, getaddrinfo libc bug ...) could work but might need adjustments due to different memory layouts. Attacks using kernel facilities would not work since it is not using the Linux kernel but the Windows kernel as the lower layer.

Steffen Ullrich
  • 3
    This doesn't answer the question and instead just speculates. I know it's not your fault since speculation is all that is available at this time but it hardly falls into the category of authoritative answers backed by fact. – kalina Mar 31 '16 at 08:39
  • 7
    @kalina: I disagree. It's a valid assessment of the problem described; some malware will exploit the platform, some won't. The difference depends on the nature of the exploit. Yes, there is no standard for designing security defects in systems, hence it is impossible to say if the platform will be vulnerable to a given exploit, but in order to deliver the claimed functionality, the platform must be vulnerable to some exploits. – symcbean Mar 31 '16 at 09:07