Bugtraq mailing list archives

Re: XML in IE 5.0

From: Ryan.Russell () SYBASE COM (Ryan Russell)
Date: Fri, 14 Jan 2000 22:15:25 -0800

Not really. I'm not excusing the bug. They should fix it. I'm just saying
that in my opinion, being able to send a browser some data that makes it
hang doesn't necessarily constitute a denial of services. You can still
close out of the browser and probably not lose much available memory, I
assume, and no other services are affected other than the one browser
process.


The original poster claimed the memory was not recovered.  Crashing
IE5 can also take out the desktop if active desktop is enabled, so
it's a bit worse than that.  Plus, I believe the implication that spotting
an accidental crashing/hanging points towards the strong possibility
of something worse with intentionally evil data.

You can do the same thing to Netscape Navigator (funny how *their* bugs
are less offensive to people) by making a valid HTML document (of course,
"valid HTML" still has a lot of leeway) containing nested tables or lists,
about 15 levels deep. I have an example of this at:
http://www.skew.org/xml/tree_viewers/sample_output.html
(not a plug; just don't expect the page to load in most versions of
Navigator)


Both Navigator and IE include what some folks would call Turing-complete
langauges.  You can't devise any code that will catch all instances of
programs doing werid things.  Mr. Turing has a halting problem that says
so.  So, as long as the browsers don't include the concept of resource limits,
or you don't use the resource limit features of your OS, we'll see these types
of problems forever.

For Windows users, The MS guys gave an interesting talk at the NTBugtraq
Canada Day Party at Russ' house last year.  NT2000 will include a feature that
is similar to su on unix, which will allow one to have different windows open
as different users on the same box... I believe it's an extension of the
terminal server concept.  Anyway, once folks get NT2000, they should really
consider running their browsers as locked-down, non-priveledged users.

I believe you can do the same on most modern unices now with judicious
use of su and xhost adjustments.

                         Ryan

Current thread:

Re: XML in IE 5.0 Mike Brown (Jan 13)
- Re: XML in IE 5.0 Mikael Olsson (Jan 13)
  - Re: XML in IE 5.0 Mike Brown (Jan 13)
- <Possible follow-ups>
- Re: XML in IE 5.0 Ryan Russell (Jan 14)
  - Re: XML in IE 5.0 Brian Behlendorf (Jan 17)
    - Re: XML in IE 5.0 David LeBlanc (Jan 18)
    - Re: XML in IE 5.0 Jesper M. Johansson (Jan 19)
  - Re: XML in IE 5.0 Darren Reed (Jan 17)
    - Re: XML in IE 5.0 Jesper M. Johansson (Jan 19)
    - SubSeven 2.1a (trojan) Andrew Griffiths (Jan 19)
    - Re: XML in IE 5.0 David LeBlanc (Jan 20)
    - Some discussion in http-wg ... FW: webmail vulnerabilities: a new pragma token? Eric D. Williams (Jan 19)
  - SyGate 3.11 Port 7323 / Remote Admin hole jalerta () nestworks com (Jan 28)
  - [LoWNOISE] Rightfax web client 5.2 ET LoWNOISE (Jan 29)

(Thread continues...)