XP/Vista IGMP Buffer Overflow — Explained
HalvarFlake writes "With all the hoopla about the remotely exploitable, kernel-level buffer overflow discussed in today's security bulletin MS08-0001, what is the actual bug that triggers this? The bulletin doesn't give all that much information. This movie (Flash required) goes through the process of examining the 'pre-patch' version of tcpip.sys and comparing it against the 'post-patch' version of tcpip.sys. This comparison yields the actual code that causes the overflow: A mistake in the calculation of the required size in a dynamic allocation."
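To make the bug class in the summary concrete, here is an added C example (not code from the movie, from HalvarFlake, or from tcpip.sys): a constructed record-list format in which the allocation size is derived from an attacker-controlled count, showing the unchecked 32-bit calculation beside a checked one and a copy routine that only trusts the checked result. The header layout, constants and function names are assumptions for illustration only.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record-list layout for illustration only (not the real
   IGMP/tcpip.sys structures): 4 bytes of header, a 32-bit big-endian
   record count at offset 4, then 'count' fixed-size records. */
#define HDR_LEN     8u
#define RECORD_LEN  4u
#define MAX_RECORDS 4096u

/* The bug class: size computed in 32-bit arithmetic straight from an
   attacker-controlled count. A count of 0x40000002 yields 16, far too
   small for the copy that follows. Kept only for contrast. */
uint32_t naive_alloc_size(uint32_t count)
{
    return HDR_LEN + count * RECORD_LEN;
}

/* Hardened: cap the count per the spec/policy, then do a checked multiply
   so the result can never wrap on any word size. Returns 0 on failure. */
size_t checked_alloc_size(uint32_t count)
{
    if (count == 0 || count > MAX_RECORDS) return 0;
    if ((size_t)count > (SIZE_MAX - HDR_LEN) / RECORD_LEN) return 0;
    return HDR_LEN + (size_t)count * RECORD_LEN;
}

/* Allocates a buffer sized by the checked computation and copies the
   records in; returns NULL if the header's count cannot be trusted
   (overflow, policy cap, or more records claimed than bytes received). */
uint8_t *copy_records(const uint8_t *pkt, size_t len, size_t *out_len)
{
    if (len < HDR_LEN) return NULL;
    uint32_t count = ((uint32_t)pkt[4] << 24) | ((uint32_t)pkt[5] << 16) |
                     ((uint32_t)pkt[6] << 8)  |  (uint32_t)pkt[7];
    size_t need = checked_alloc_size(count);
    if (need == 0 || need > len) return NULL;   /* header lies or wraps */
    uint8_t *buf = malloc(need);
    if (!buf) return NULL;
    memcpy(buf, pkt, need);
    *out_len = need;
    return buf;
}
```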
Let's get the preliminary stuff out of the way... (Score:3, Interesting)
Everyone should be forced to give up manual memory allocation regardless of the power it can afford.
#include "fucktard_troll.h"
Now that that's done with, I see things like this as an argument in favor of moving stuff off of the CPU and into dedicated hardware. Why should your CPU be tied up with things at this level? The absolutely overwhelming majority of all data on every network uses one of two network layer protocols (IPv4 or IPv6) and one of two transport layer protocols (TCP or UDP). Why shouldn't those four combinations be handled by hardware, so we can leave the computer to run the applications? We already do this with 3d rendering, why not networking?
Re:Windows is open-sores software (Score:5, Interesting)
The difference is that if it was FOSS, they'd be able to see the comment saying "// this doesn't match the specs but it worked for me in the test I did, so the specs must be wrong."
Re:Sounds like HowStuffWorks material! (Score:4, Interesting)
short audio [microsoft.com] clip with halvar explaining how he analyzes ms patches for differences
Re:Let's get the preliminary stuff out of the way. (Score:4, Interesting)
you BINARY PATCH core OS code??? (Score:3, Interesting)
Now, don't get me wrong. I think that's a really cool hack. I admire the effort.
Seriously though, WTF? That's a rootkit technique. Changes of this nature should be made to source code, not binaries. It's way more maintainable and sustainable that way.
Re:Windows is open-sores software (Score:3, Interesting)
Also, though its educational purposes are undeniable and it certainly is interesting to say the least, what good is it? It can only be used to make one or two minor changes or a single bugfix after hours of work. Even then it's a license violation.
There's lots of good reasons to have closed source software, but saying that something like this invalidates one of OSS's biggest advantages is incorrect, regardless of your closed/open leanings.
Re:Windows is open-sores software (Score:2, Interesting)
Re:Why Windows 95 and NT 4 are enough (Score:4, Interesting)
(Not the original AC.)
"Bluto's right. Psychotic, but absolutely right."
- Otter, Animal House
OK, so Win9x wasn't a real OS. It had no security model. That was its unfixable weakness (instability), but that was also part of its salvation.
No network-aware services listening out of the box? No remote-unattended exploits!
And when/if something broke due to the instability - even something as bad as "registry corrupted - don't even fantasize about getting your GUI back", you just booted to DOS, extracted a "good" version of the registry from the last five copies in .cab files in C:\WINDOWS\SYSBCKUP, typed a few "ATTRIB" commands (i.e. chmodded it to be writable) and overwrote the "bad" user.dat and system.dat with ones that worked.
The 9x UI wasn't any better/worse than XP or Vista. How many of us took one look at XP's Fisher-Price interface and immediately "downgraded" it to the Win2K look?
Boot speed? My last gaming rig was a Pentium IV, 2.4 GHz, running at 3.2 GHz, 512MB RAM and a 120GB drive, and the fucking thing went from power-on to full-GUI-running-and-no-hard-drive-activity in 15 seconds. There were configuration files you could edit to support 1GB and (by replacing/patching WINDOWS\SYSTEM\IOSUBSYS\ESDI_506.PDR) hard drives over 128GB.
Once upon a time, Linux wasn't ready for the desktop. During those years, Win9x rocked. Crappy multi-user OS? Guilty as charged. Useless for a server? Absolutely. But as a single user OS/program-loader, it was hard to beat. DRM? Product activation? What's that?
Re:you BINARY PATCH core OS code??? (Score:1, Interesting)
I think the problem with this is that he's using the "Microsoft Windows" operating system. This is made by a company called "Microsoft" [wikipedia.org] and not only do most users not get the source code, but Microsoft also tries to block redistribution of fixed versions even though that's the only way to get rid of certain bugs (e.g. the WGA and DRM bugs which cause many problems for users of Windows).
If you don't know Microsoft Windows, it's kind of interesting theoretically (in some versions it was close to a micro-kernel and was the first operating system to use Unicode in the kernel) but probably not something you want to bother with yourself. Early versions were sort of derived from CP/M via QDOS [wikipedia.org] but later it was rewritten based on VMS [wikipedia.org]. This gives you a theoretically powerful system, but one which is too complex for most of the people who try to use it and so they have interesting security problems [wikipedia.org]. Windows doesn't come with much software by default and doesn't support yum, apt or even a ports system, so most users end up installing binary software from unknown sources, which just adds to the problem. Definitely not recommended even to play with unless you have tens of years of experience in system administration; but if you do, it can be an even more interesting challenge than trying to run entirely on Plan 9.
Re:Why Windows 95 and NT 4 are enough (Score:5, Interesting)
Why?
Seriously, what can it do that XP can't? I'm interested.
File tasks are usually (IMHO) much better done under Linux, which doesn't try to stop you doing anything.
Re:Why Windows 95 and NT 4 are enough (Score:5, Interesting)
Why? Because with the NT line MSFT broke a lot of other companies' networking protocols. So we wouldn't be able to connect to the server, which stores all files and applications. (The win95 machines being not much more than dumb terminals.) Windows XP won't work, as said server company never made a proper upgrade path for such a configuration. Linux might, but I would need an old school NetWare guru, and someone with enough knowledge of Linux to configure NetWare inside Linux but also DOSBox, as all the applications are DOS based. When this setup was first deployed Linux was at 0.9 something.
Then you have to figure out how to sell it to a computer illiterate cheapskate boss.
Re:Yup, I do that (Score:1, Interesting)
Actually, that's a pretty good point. The only way to continue employing hundreds of millions of people, each of which can do the work to support dozens if not more, is to convince everyone that they need to buy the output of hundreds of millions of other people.
Otherwise, 1/10th of the population would have jobs, whose income would go entirely to pay welfare to support the other 9/10th, and even if you say "well, let the useless 9/10th die", the population would just contract, and you'd still only need to employ 1/10th of the population, until you reach the point where places like New York have evaporated into a small hamlet.