Bugtraq mailing list archives
Re: Re: MS Internet Explorer 7 Denial Of Service Exploit
From: Glynn Clements <glynn () gclements plus com>
Date: Sat, 22 Nov 2008 22:14:51 +0000
craig () airnet net wrote:
On Konqueror 3.5.9, what happens is that this childish code builds a huge string, eats memory, causes swapping, and finally blows away Konq. Linux and X and everything else stay up and recover nicely. (Gentoo/AMD64X2/3G mem) This isn't an exploit -- at least not on Linux -- it's just kiddie stupidity. It doesn't take any particular cleverness to blow memory by dynamically creating bigger and bigger data structures. With virtual memory and 64-bit pointers, when exactly do we return -ENOMEM?
When RLIMIT_AS has been exceeded. If you disable the use of mmap'd-malloc() via mallopt(M_MMAP_MAX, 0), you can effectively limit malloc() via RLIMIT_DATA.

If you really want to allow a single process to use all available RAM for itself, you can; but you don't have to.

It might be nice if the browser limited the amount of memory which could be used by e.g. JavaScript (although for Firefox, you would probably want the limit to only be applied to "external" JavaScript, given that much of the browser itself is written in JavaScript).

-- 
Glynn Clements <glynn () gclements plus com>
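Added example, not part of the original message: a Linux/glibc C program that shows the point at which malloc() starts returning NULL with ENOMEM once RLIMIT_AS is set, and the RLIMIT_DATA variant with mallopt(M_MMAP_MAX, 0). The function name `chunks_before_enomem`, the 256 MiB cap and the 16 MiB chunk size are constructed for illustration.

```c
#include <errno.h>
#include <malloc.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

#define CHUNK      (16UL << 20)   /* 16 MiB per malloc() call (constructed) */
#define LIMIT      (256UL << 20)  /* constructed cap: 256 MiB */
#define MAX_CHUNKS 64             /* safety stop if the cap is not enforced */

static void *volatile sink;       /* keeps the compiler from eliding malloc() */

/* Fork a child, cap `resource` at LIMIT, then malloc() until it fails.
 * Returns the chunks obtained before ENOMEM, or -1 if the cap never applied. */
long chunks_before_enomem(int resource, int disable_mmap)
{
    int fd[2];
    long n = -1;
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                        /* child: the limit stays in here */
        struct rlimit rl = { LIMIT, LIMIT };
        long got = 0;
        if (disable_mmap) mallopt(M_MMAP_MAX, 0);  /* no mmap'd malloc chunks */
        if (setrlimit(resource, &rl) != 0) _exit(2);
        while (got < MAX_CHUNKS) {
            void *p = malloc(CHUNK);       /* memory is reserved, never touched */
            if (p == NULL) {               /* limit reached: report and stop */
                if (errno == ENOMEM && write(fd[1], &got, sizeof got) > 0) _exit(0);
                _exit(1);
            }
            sink = p;
            got++;
        }
        _exit(1);                          /* cap was never enforced */
    }
    close(fd[1]);
    if (read(fd[0], &n, sizeof n) != (ssize_t)sizeof n) n = -1;
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return n;
}

int main(void)
{
    printf("RLIMIT_AS:   %ld chunks\n", chunks_before_enomem(RLIMIT_AS, 0));
    printf("RLIMIT_DATA: %ld chunks\n", chunks_before_enomem(RLIMIT_DATA, 1));
    return 0;
}
```

RLIMIT_AS counts reserved address space, so the failure arrives without the pages ever being written. On Linux 4.7 and later the kernel also counts private writable mmap() mappings against RLIMIT_DATA.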