mailing list archives
Re: remote DoS in Mozilla 1.0
From: Andreas Beck <becka () uni-duesseldorf de>
Date: Tue, 11 Jun 2002 17:03:37 +0200
Tom <tom () lemuria org> wrote:
Is this really a mozilla bug?
It's a bug in X that becomes remote-exploitable through mozilla.
Ack. If X can be crashed by an application, X is at fault. We all know, that
there are "legal" ways to make X unuseable (xlock e.g.), but actually
crashing the X server should never happen, as a faulty application may cause
data loss in correct applications this way. Not what we expect in a Unix
(a) Fix every app to disallow font sizes bigger then <maxvalue>
(b) Fix XFS to return an error code to the calling application
when requested font size is greater then configured <maxvalue>
Personally i would go for b.
Personally, I would go for both, with a limitation on a, namely that
apps that accept remote data (i.e. mozilla) should definitely do some
checking on that data before handing it to the local system (i.e. X).
Right. Applications that accept untrusted data have a special responsibility
to canonicalize them in order to protect the underlying system from the
possible side effects. No matter if the underlying system _should_ be able
to cope with them.
However that does not mean, the bug in the lower layers may remain there.
Also note, that - as I already reported to Tom in PM - not all X servers
are affected. I tested the example sites using Mozilla 1.0RC2 on an XGGI
server which is based on rather old X-consortium code IIRC and the expected
effects did not show up.
Andreas Beck | Email : <becka () uni-duesseldorf de>