So based on my knowledge on windows apps, as far as i know the IAT gets filled with correct addresses when the library gets loaded (correct me if I'm wrong)
now in linux, they use GOT, and again based on my knowledge the GOT gets filled in run time by default, meaning first we jump into PLT, then the first time i use a function (for example puts) we first call the dynamic loader by jumping in the beginning of PLT and that fills the corresponding address in GOT, and next time i call puts then i directly jump into it after going into PLT
so this means that by default, windows fills all the addresses in the IAT in load time but linux doesn't, correct?
and if so, then isn't this a security risk for linux? because in windows IAT is inside the rdata section and is read only, but in linux is read and write! and for example if we have a format string exploit then we can write on GOT but this doesnt happen in windows, am i missing something here?