Dubious security vulnerability: Manual operations can cause a program to hang

source link: https://devblogs.microsoft.com/oldnewthing/20240326-00/?p=109574

Raymond Chen

March 26th, 2024

A security vulnerability report came in that went roughly like this:

Copy a huge amount of text to the clipboard, like a half a gigabyte. Run the XYZ program and paste it all. The program crashes. This is a denial of service against program XYZ. A photo of the crash is attached.

First of all, the claim that the program crashes is incorrect. The photo shows that the cursor is a spinning donut, and the title bar says “(Not Responding)”. The program hasn’t crashed. It has stopped responding, probably because it’s busy trying to process a half-gigabyte of data. But, presumably, if you wait long enough, it will eventually finish (or run out of memory).

While it’s true that this could be considered a denial of service against program XYZ, it’s entirely self-inflicted. You chose to paste half a gigabyte of data into program XYZ, so you get to wait for it to finish.

Besides, if you wanted to launch a denial-of-service attack against program XYZ, there’s a much simpler way: Click the red “X” button in the upper right corner to close the program.

Now nobody can use it.

