Boooooh, wie langweilig. -martin
> -----Original Message----- > From: Stijn Jonker [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 11, 2002 3:06 PM > To: Tom > Cc: [EMAIL PROTECTED] > Subject: Re: remote DoS in Mozilla 1.0 > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello all, > > The one think that keeps popping up in my mind after reading > your post: > > Is this really a mozilla bug? > > My answer: > > No, because try and font of the size 1666666px in gimp on the > same system, > the symptoms and the end effect is exactly the same here. > > System: RH 7.3 > 512 M memory > 1024M Swap > Xfs & XFree86 4.2.0 > > What happens is that XFS consumes huge amounts of ram, and > finally bails > out. So end of story for the fonts in X. As a result X is practicly > useless. > > I can only guess what happens when you don't use XFS but > Xserver based > fontrendering, the X server consumes huge amounts of mem and > cpu and bails > out => server crash => Bye Bye X. > > The solution(s): > (a) Fix every app to disallow font sizes bigger then <maxvalue> > (b) Fix XFS to return an error code to the calling application > when requested font size is greater then configured <maxvalue> > > Personally i would go for b. > > Just my $0.02, but is you disagree please let me know. > > On Mon, 10 Jun 2002, Tom wrote: > > > Author > > ====== > > Tom Vogt <[EMAIL PROTECTED]> > > http://web.lemuria.org/ > > > > Affected > > ======== > > Mozilla 1.0 and earlier > > verified on Linux and Solaris, other Unixes most likely > affected as well. > > > > Effect > > ====== > > System becomes unuseable or X windows crashes > > (varies depending on system configuration) > > > > Description > > =========== > > When loading pages with a specially prepared (or erroneous) > stylesheet, > > mozilla and X windows (not restricted to XFree) exhibit any of two > > <<SNIP>> > > > > > Example > > ======= > > Include a huge font size in your style sheet definition, e.g.: > > body { font-size: 1666666px; } > > > > - -- > Met Vriendelijke groet/Yours Sincerely > Stijn Jonker <[EMAIL PROTECTED]> > > - -- > Outlook Express is actually an incredibly effective virus > distribution system which only pretends to be an email program. > [by Eric Lee] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE9BfWcH0P/oLuWBrcRAqB3AJkBudCe8ovF9+u5dPdFEYP/p1zUtgCbBc4I > k/e0j6d1HDEQQb/XiWKnF3k= > =TUcz > -----END PGP SIGNATURE----- > ---------------------------------------------------------------------------- PUG - Penguin User Group Wiesbaden - http://www.pug.org
