
XP/Vista IGMP Buffer Overflow — Explained

kdawson posted more than 6 years ago | from the that-didn't-take-long dept.

Security 208

HalvarFlake writes "With all the hoopla about the remotely exploitable, kernel-level buffer overflow discussed in today's security bulletin MS08-0001, what is the actual bug that triggers this? The bulletin doesn't give all that much information. This movie (Flash required) goes through the process of examining the 'pre-patch' version of tcpip.sys and comparing it against the 'post-patch' version of tcpip.sys. This comparison yields the actual code that causes the overflow: A mistake in the calculation of the required size in a dynamic allocation."
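The bug class the summary names, a required size computed wrongly before a dynamic allocation, as an added C example that is not code from the video, from tcpip.sys or from anyone in this thread: the message layout, the names and the constants are assumptions chosen for illustration, not the IGMP structure the bulletin's patch changed. The buggy size routine multiplies an attacker-controlled count in 32 bits so it wraps; the hardened routine checks for wrap and checks the count against the bytes actually present before anything is allocated.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical message layout, constructed for this example: a 4-byte
 * big-endian entry count followed by that many 4-byte entries. It is NOT the
 * real IGMP message or the tcpip.sys structure the bulletin's patch touched. */
struct entry_list {
    uint32_t count;
    uint32_t entries[];              /* C99 flexible array member */
};

#define HDR_SIZE   ((size_t)offsetof(struct entry_list, entries))
#define ENTRY_SIZE (sizeof(uint32_t))

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* The bug class the story describes: the allocation size is derived from the
 * attacker-controlled count with plain 32-bit arithmetic. For a count of
 * 2^30 or more the multiplication wraps, the allocation comes out far too
 * small, and the copy loop that follows writes past the end of it. */
uint32_t buggy_alloc_size(uint32_t count)
{
    return (uint32_t)HDR_SIZE + count * (uint32_t)ENTRY_SIZE;
}

/* Hardened computation: reject a count whose size would wrap, and reject a
 * count that claims more entries than the payload actually carries. */
int safe_alloc_size(uint32_t count, size_t payload_len, size_t *out)
{
    if (count > (SIZE_MAX - HDR_SIZE) / ENTRY_SIZE)
        return 0;                    /* HDR_SIZE + count*ENTRY_SIZE would overflow */
    if ((size_t)count * ENTRY_SIZE > payload_len)
        return 0;                    /* count lies about the bytes present */
    *out = HDR_SIZE + (size_t)count * ENTRY_SIZE;
    return 1;
}

/* Parse a message using the hardened size check. Returns NULL (and allocates
 * nothing) for any input whose count does not fit the bytes supplied. */
struct entry_list *parse_entry_list(const uint8_t *pkt, size_t len)
{
    if (len < 4)
        return NULL;
    uint32_t count = be32(pkt);
    size_t need;
    if (!safe_alloc_size(count, len - 4, &need))
        return NULL;
    struct entry_list *l = malloc(need);
    if (l == NULL)
        return NULL;
    l->count = count;
    for (uint32_t i = 0; i < count; i++)
        l->entries[i] = be32(pkt + 4 + (size_t)i * ENTRY_SIZE);
    return l;
}

/* Constructed sample input: count = 2, entries 192.168.0.1 and 224.0.0.1. */
const uint8_t sample_good[12]  = {0,0,0,2, 0xC0,0xA8,0x00,0x01, 0xE0,0x00,0x00,0x01};
/* Constructed malformed input: claims 3 entries but carries only 2. */
const uint8_t sample_lying[12] = {0,0,0,3, 1,2,3,4, 5,6,7,8};

int main(void)
{
    struct entry_list *l = parse_entry_list(sample_good, sizeof sample_good);
    printf("good packet: %s, %u entries\n", l ? "parsed" : "rejected", l ? l->count : 0u);
    free(l);
    l = parse_entry_list(sample_lying, sizeof sample_lying);
    printf("lying packet: %s\n", l ? "parsed" : "rejected");
    free(l);
    printf("buggy size for count 0x40000001: %u bytes\n", buggy_alloc_size(0x40000001u));
    return 0;
}
```

The two checks are independent: the wrap check protects the arithmetic, the length check protects the copy. A kernel parser needs both, because a count that does not wrap can still exceed the packet and a count that fits the packet on a 64-bit size_t can still wrap in a 32-bit intermediate.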


well gee (5, Funny)

sentientbrendan (316150) | more than 6 years ago | (#21964604)

>This comparison yields the actual code that causes the overflow:
>A mistake in the calculation of the required size in a dynamic allocation

I hope no one else makes this mistake.

Why Windows 95 and NT 4 are enough (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21964650)

Why upgrade?

I don't plan to upgrade from Windows 95, NT 3.51, and NT 4 on the desktop. With network booting, Windows 95/NT do everything I need for user workstations. Of course, I run OpenBSD on the server. Modern graphical user interfaces are a mess. Even modern versions of X are very bloated. And don't get me started on mainstream window managers.

Microsoft should go back to Windows 95's user interface. Combine it with NT and add a good command line shell with SFU. That would be perfect for end users. Windows 95 is actually very stable. I've had no problems supporting it for many desktops with network booting - as long as I don't install IE 5.5 and it's new Explorer.

Microsoft should go back to fast, light user interfaces like Windows 95. Windows 95 was the best consumer operating system in 1995 (I like Apple, but Macs still had cooperative multitasking though OS 9.)

To all IT admins: Just put all users on Windows 95. Office 97 has all the features you need. Anything else can be accessed through NCSA TELNET, SecureSHell, or even vnc.

Re:Why Windows 95 and NT 4 are enough (1)

RuBLed (995686) | more than 6 years ago | (#21964738)

To all IT admins: If you're planning on following this, please do note that you need to ban all knife sharpeners at the workplace plus I heard home depot just got this new shipment of these thick fiberglass cubicle walls...

Re:Why Windows 95 and NT 4 are enough (5, Insightful)

Gription (1006467) | more than 6 years ago | (#21966060)

There is a real point to his argument. It also happens to be the real flaw in his argument...

The only real reason to "upgrade" something is if you need something more. For business, need should be defined as something that will do a business function that will make money, replace labor, acquire additional business related information of value, etc... It has to do something you truly need. If all any business needs is a computer that runs a word processor then he has a genuine point. It assumes that there is no other piece of software that serves a valid business need that anyone else might need.

A number of pieces of software have been written that require a later OS that fulfill a number of very valuable ($$$) tasks. Also Win 95 is only stable if you have hardware with extremely good drivers under it, a limited number of processes/programs on top of it, and your continuous up-time requirements are somewhat limited. This makes 95 a long way from being the one-size-fits-all solution. (I have one Win 95B station at my desk just to do drive data recovery and to do a few file tasks that XP doesn't want to let you do...)

Using that same logic there isn't a valid reason for almost anyone to use Vista instead of XP. Plus there is the "Business downside" of the end users having to relearn how to use computers that they already knew how to use.

Vista's big offerings are two fold:
- One is what I call the "raccoon" factor. Give people something bright and shiny and their eyes will roll back in their head as they start to murmur, "Gimme, gimme, gimme..." as you can hear the words, "It is new!" echoing softly in the background. This offers them nothing that is real but it does drive people amazingly hard. Look at the number of people that paid $100+ premiums to have an iPhone in the first week of release. A month later no one including themselves remember that they got their phone early and it certainly didn't pay any dividend for the expense but they will do it again: They are raccoons!
- Two, Vista includes huge DRM underpinnings. After XP was released Bill Gates publicly stated that the next version of Windows wouldn't be an OS but instead it would be a Digital Rights Management Platform. This does nothing for us but does plenty for Mickeysoft and the big media companies. I notice they aren't mentioning that fact any more either!

Basically Microsoft wrote a new OS for themselves instead of us and they made it really visually flashy so the raccoon in all of us will want to roll our eyes back in our head and buy it. The fact that they forgot to put anything we actually need in it has made its adoption really tank. The only real reason they have sold any volume of it is that you almost can't buy a computer without it. To help the process along Microsoft has pushed for new hardware that doesn't have XP driver support and you will start to see programming tools with limited or missing XP support.

We are coming up to a point where we are looking at a future where we could lose control of what is on our own computers! Vista is already trying to decide if you should be able to access your own files that are already on your computer! Take this fact and combine it with the whole limitations being rammed down our throat with HDTV and we are looking at being consumers that are buying things that we have no control over. A computer could easily act as a HDTV 'VCR' because that is an amazingly simple function but we have been forced to buy into a system where that isn't allowed. The only HDTV VCR like devices are subscription ($$) based!

You are being quietly guided into a world where you will tithe endlessly to corporations for simple things that in the past you could buy once and be done with. MS has tried to make the OS subscription based. (tithe) Limited number of play media files are subscription based. (tithe) Buying a cell with an MP3 player in it that you will just replace in a year or two is another type of subscription. (tithe) A Tivo that requires a monthly payment? (tithe) Get real, that is such a blatant rip off. Buying ring tones? (tithe) HA!

If the raccoon doesn't wake up we will all be renting our underwear and after we are done spending our money we won't have anything to keep.

Re:Why Windows 95 and NT 4 are enough (0)

Anonymous Coward | more than 6 years ago | (#21966386)

You do, of course, have the option of not subscribing and living without these so called "needs." Rather than blaming the media companies for wanting more control of their product, I'm more inclined to blame the modern consumer for having redefined needs from food, water, and shelter to food, water, shelter, and my favorite TV shows and music. If they're being sold with a license that you don't want to agree to, then you are perfectly free to look for alternatives that aren't as restrictive. If people want to dish out more and more of their money for a less and less valuable product, then more power to them. The only true protest against this trend is to turn to more agreeable alternatives - not whining and still dishing out the money anyway.

Re:Why Windows 95 and NT 4 are enough (4, Interesting)

Nursie (632944) | more than 6 years ago | (#21966582)

> (I have one Win 95B station at my desk just to do drive data recovery and to do a few file tasks that XP doesn't want to let you do...)

Why?
Seriously, what can it do that XP can't? I'm interested.

File tasks are usually (IMHO) much better done under Linux, which doesn't try to stop you doing anything.

Re:Why Windows 95 and NT 4 are enough (2, Funny)

Trogre (513942) | more than 6 years ago | (#21964740)

*blink*

GRAMMAR ERROR! it's, NOT its! (0)

Anonymous Coward | more than 6 years ago | (#21964746)

Yes, I'm correcting myself. I know that I made an error. I should have typed "its" instead of it's." The former is the possessive form. I know better than this. :(

Wow! and I thought I was retro! (1)

killmofasta (460565) | more than 6 years ago | (#21965390)

Wow! I thought I was retro with Windows 2000!
Turns out this patch MS08-0001 is Patch NUMBER 100! Yea! Yea! Yes!
Finally, the number of patches to Windows 2000 is in TRIPLE DIGITS!
( actually, for us, 2K users, there are two patches, KB941644 and KB943485 )
( I found the actual patch count from a Winternals System information program )
( WinTernals is my bestest friend! )

Since you can 'blind' Windows 2000 to look like vista, ( if you have the graphics hardware ),
or you can 'blind' Windows 2000 to look like Windows98, I have the best of both worlds.
but ALL MY PATCH COLLECTION CDs ARE NOW OUT OF DATE.

Actually, there is one feature I need that Office 97 doesn't have, and that is the ability to read Office 2007 Excel files. So, it's Win2k and Office 2k for me. ( btw, I am going to set up a DOS machine to play some old games... :)

Re:Wow! and I thought I was retro! (1)

VGPowerlord (621254) | more than 6 years ago | (#21965780)

Might I recommend a virtual machine to play DOS games?

or the DOSBox emulator.

That way you don't have to figure out how to get sound working in DOS on anything made after 1997 or so.

Re:Wow! and I thought I was retro! (1)

killmofasta (460565) | more than 6 years ago | (#21965862)

Wow! Thanks Good idea.
What are your recommendations w/ links?

Re:Wow! and I thought I was retro! (1)

Corporate Troll (537873) | more than 6 years ago | (#21966116)

You're lazy, aren't you? He gave the name of one product in his comment. A Google would have given you what you need. DOSBox [dosbox.com]

Now, I'll simply add: FreeDOS [freedos.org] , which is really really really good. Better than any PC-DOS or MS-DOS I've ever used. Either run it native on an older machine, or dump it in a virtual machine. Oh, yes, I guess you want a link for that too: VMWare [vmware.com] .

Re:Wow! and I thought I was retro! (0)

Anonymous Coward | more than 6 years ago | (#21966188)

You should know that Dosbox's built in version of DOS is based heavily on FreeDOS source code.

Re:Why Windows 95 and NT 4 are enough (4, Interesting)

Anonymous Coward | more than 6 years ago | (#21965664)

> I don't plan to upgrade from Windows 95, NT 3.51, and NT 4 on the desktop. With network booting, Windows 95/NT do everything I need for user workstations.

(Not the original AC.)

"Bluto's right. Psychotic, but absolutely right."
- Otter, Animal House

OK, so Win9x wasn't a real OS. It had no security model. That was its unfixable weakness (instability), but that was also part of its salvation.

No network-aware services listening out of the box? No remote-unattended exploits!

And when/if something broke due to the instability - even something as bad as "registry corrupted - don't even fantasize about getting your GUI back", you just booted to DOS, extracted a "good" version of the registry from the last five copies in .cab files in C:\WINDOWS\SYSBCKUP, typed a few "ATTRIB" commands (i.e. chmodded it to be writable) and overwrote the "bad" user.dat and system.dat with ones that worked.

The 9x UI wasn't any better/worse than XP or Vista. How many of us took one look at XP's Fisher-Price interface and immediately "downgraded" it to the Win2K look?

Boot speed? My last gaming rig was a Pentium IV, 2.4 GHz, running at 3.2 GHz, 512MB RAM and a 120GB drive, and the fucking thing went from power-on to full-GUI-running-and-no-hard-drive-activity in 15 seconds. There were configuration files you could edit to support 1GB and (by replacing/patching WINDOWS\SYSTEM\IOSUBSYS\ESDI_506.PDR) hard drives over 128GB.

Once upon a time, Linux wasn't ready for the desktop. During those years, Win9x rocked. Crappy multi-user OS? Guilty as charged. Useless for a server? Absolutely. But as a single user OS/program-loader, it was hard to beat. DRM? Product activation? What's that?

Re:Why Windows 95 and NT 4 are enough (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#21965682)

What a stupid story. You are stupid for telling it.

Re:Why Windows 95 and NT 4 are enough (3, Funny)

PCeye (661091) | more than 6 years ago | (#21965692)

Obligatory "Office Space" Quotes...

Tom Smykowski: It was a "Jump to Conclusions" mat. You see, it would be this mat that you would put on the floor... and would have different CONCLUSIONS written on it that you could JUMP TO.

Michael Bolton: That's the worst idea I've ever heard in my life, Tom.

Samir: Yes, this is horrible, this idea.

Re:Why Windows 95 and NT 4 are enough (1)

headLITE (171240) | more than 6 years ago | (#21966182)

> Windows 95 was the best consumer operating system in 1995 (I like Apple, but Macs still had cooperative multitasking though OS 9.)

Hmm, personally I liked TOS better back then. It had preemptive multitasking... but Atari didn't sell any computers anymore ;-)

Re:Why Windows 95 and NT 4 are enough (1)

Bert64 (520050) | more than 6 years ago | (#21966258)

Are you sure? I always thought TOS was co-operative like MacOS of the day... That was one of the things that sold me on an Amiga instead.

Re:Why Windows 95 and NT 4 are enough (1)

Bert64 (520050) | more than 6 years ago | (#21966244)

I would have to disagree, AmigaOS was the best consumer level OS in 1995, it satisfied all the criteria you mention. Small, reasonable command line, fast/light ui, full multitasking, and the OS itself was very stable (but, like win9x and macosx could be taken down by an errant program).

However, I would never recommend such an OS to IT admins; an OS with no user separation is a terrible idea in a managed multiuser environment. You want to make sure users can't mess with other users or the system itself.

Re:Why Windows 95 and NT 4 are enough (1)

argiedot (1035754) | more than 6 years ago | (#21966554)

Try Athene [rocklyte.com] , I used it on an old machine and it was super fast. The only problem was with the cursor not being properly drawn, though that didn't show up on another machine. Just make sure that you run it by itself, outside an xserver. Inside an xserver there seems to be no point to it.

Disclaimer: I don't work for Rocklyte, blahblah

Re:well gee (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21964960)

Event ID 4226 (5, Informative)

Xenographic (557057) | more than 6 years ago | (#21965090)

Actually, there's one more comparison they've screwed up. Anyone who has installed the Event ID 4226 [lvllord.de] patch to increase the allowed number of half-open connections so their BitTorrent speeds don't suck ass just had that patch undone by this new version of TCPIP.SYS.

The only good thing is that, while the page hasn't been updated since 2006, the patch seems to work on the new TCPIP.SYS (I just tested it on my own machine).

I realize I'm sort of hijacking the first post, but given how many of us are probably downloading Linux ISOs right now, I figured it's important enough that people wouldn't mind a reminder... :-] Oh, and I'll add one more detail not mentioned here. According to F-Secure, there haven't been any exploits for this found in the wild--yet.

you BINARY PATCH core OS code??? (2, Interesting)

r00t (33219) | more than 6 years ago | (#21965148)

Woah...

Now, don't get me wrong. I think that's a really cool hack. I admire the effort.

Seriously though, WTF? That's a rootkit technique. Changes of this nature should be made to source code, not binaries. It's way more maintainable and sustainable that way.

Re:you BINARY PATCH core OS code??? (0)

Anonymous Coward | more than 6 years ago | (#21965198)

If Microsoft would actually do it for us we wouldn't have to.

And now with Vista, Microsoft decided to not load unsigned kernel drivers and refuses to fix stuff like this. The arrogance!

Re:you BINARY PATCH core OS code??? (5, Insightful)

Scoth (879800) | more than 6 years ago | (#21965252)

While I don't necessarily disagree with you... feel free to release your patch to tcpip.c and give us a link to the updated source file as soon as you get a chance ;)

Sometimes, if a closed-source vendor isn't going to release an update/fix/tweak, the community has to do what they can to do it. Given what many people use Bittorrent for, I suspect getting a rootkit from this patch is the least of their worries. The rest of us will either just have to trust it, use BT on a non-Windows platform, or deal with the slower speeds.

This does bring up an interesting possibility - rather than completely reimplement Windows through something like ReactOS, or translate the API like WINE, how about replacing components of a real Windows install with F/OSS replacements? Drop in a workalike, but open source tcpip.sys and know where it's coming from.

Re:you BINARY PATCH core OS code??? (0)

Anonymous Coward | more than 6 years ago | (#21965272)

Don't feed the trolls.

Mmmm, mmmm, good! (4, Funny)

Gription (1006467) | more than 6 years ago | (#21966096)

> Don't feed the trolls.

???
But that is the primary reason for /. to begin with!?

Re:you BINARY PATCH core OS code??? (1)

crosson (1204404) | more than 6 years ago | (#21965486)

Sounds like a good idea, but it would probably break the WGA system, and so MS would not allow updates/extras/operation.

Re:you BINARY PATCH core OS code??? (1)

BronsCon (927697) | more than 6 years ago | (#21965614)

And we'll write our own.

Re:you BINARY PATCH core OS code??? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21965736)

>> This does bring up an interesting possibility - rather than completely reimplement Windows through something like ReactOS, or translate the API like WINE, how about replacing components of a real Windows install with F/OSS replacements? Drop in a workalike, but open source tcpip.sys and know where it's coming from.

Cool, so you take the "best" of both worlds! : a closed-source proprietary OS, which doesn't work anymore.

Re:you BINARY PATCH core OS code??? (1)

khanyisa (595216) | more than 6 years ago | (#21965906)

> This does bring up an interesting possibility - rather than completely reimplement Windows through something like ReactOS, or translate the API like WINE, how about replacing components of a real Windows install with F/OSS replacements? Drop in a workalike, but open source tcpip.sys and know where it's coming from.

Actually WINE and ReactOS both reimplement large sections of Windows in ways that can be used on native Windows too. ReactOS does so more because it reimplements the lower layer where WINE uses emulation - but even in WINE higher-level DLLs are implemented natively.
I wouldn't be surprised if you could use the ReactOS version of tcpip.sys on a real Windows (although you may discover some bugs :-))

Rootkit? (4, Informative)

Xenographic (557057) | more than 6 years ago | (#21965268)

> Seriously though, WTF? That's a rootkit technique.

Rootkits use a lot of techniques that are also used by legitimate software. Yes, that patcher (and its patch) does get detected by a few anti-virus programs because worms, like torrents, benefit from being able to connect to more peers. It's not a virus in and of itself, though; plenty of people have checked it out.

> Changes of this nature should be made to source code, not binaries. It's way more maintainable and sustainable that way.

I fully agree, but it's kinda hard to get the source for Microsoft programs. Last I heard, you had to be a big university, pay tons of money, sign NDAs, etc. Besides, this limitation wasn't an accident. It was a deliberate "feature" they put in because they thought it would slow down worms. They're not going to fix it just because people ask.

Re:you BINARY PATCH core OS code??? (1, Interesting)

Anonymous Coward | more than 6 years ago | (#21965758)

> Changes of this nature should be made to source code, not binaries. It's way more maintainable and sustainable that way.

I think the problem with this is that he's using the "Microsoft Windows" operating system. This is made by a company called "Microsoft" [wikipedia.org] and not only do most users not get the source code, but Microsoft also tries to block redistribution of fixed versions even though that's the only way to get rid of certain bugs (e.g. the WGA and DRM bugs which cause many problems to users of Windows)

If you don't know Microsoft Windows, it's kind of interesting theoretically (in some versions it was close to a micro-kernel and was the first operating system to use Unicode in the kernel) but probably not something you want to bother with yourself. Early versions were sort of derived from CP/M via QDOS [wikipedia.org] but later it was rewritten based on VMS [wikipedia.org] . This gives you a theoretically powerful system, but one which is too complex for most of the people who try to use it and so they have interesting security problems [wikipedia.org] . Windows doesn't come with much software by default and doesn't support yum, apt or even a ports system so most users end up installing binary software from unknown sources which just adds to the problem. Definitely not recommended even to play with unless you have tens of years of experience in system administration; but if you do, it can be an even more interesting challenge than trying to run entirely on Plan 9.

Re:you BINARY PATCH core OS code??? (0)

Anonymous Coward | more than 6 years ago | (#21965930)

> Seriously though, WTF? That's a rootkit technique. Changes of this nature should be made to source code, not binaries. It's way more maintainable and sustainable that way.

"What the other AC said."

(I'm the guy that said the reason Win9x was restricted to 128GB hard drives was totally artificial, and by implication that if Microsoft had simply released a version of ESDI_506.PDR that supported over-128GB hard drives, we'd have been happy to use it. They didn't, so it got patched by hand. Closed source == planned obsolescence, and the only ways out are either (a) cheap hacks or (b) migrating to an open OS. Migrating wasn't an option for the Windows-based gaming rig in question.)

Another funny binary patch story -- the patch to get DOOM 3 and Quake 4 to run on Win9x is two bytes [msfn.org] . Seems that only one function name (GlobalMemoryStatus / GlobalMemoryStatusEx) got changed. Replace "Ex" with NULs and the friggin' game runs just fine under 9x.

Re:Event ID 4226 (0)

Anonymous Coward | more than 6 years ago | (#21965726)

lvllord's Event ID 4226 patch did not work on my new tcpip.sys.

Windows Server 2003 64 bit (AMD64) tcpip.sys, v5.2.3790.4179, crc32 7896D6DC.

The following byte changes will change the limit from 10 to 1000:

00000148: 65 87
00000149: 56 52
000B83CC: E8 0A
000B83CD: 03 00

New crc32 should be 6356686D.

Copy somewhere safe, edit, save, and copy to these three folders:
\WINDOWS\SYSTEM32\DRIVERS
\WINDOWS\SERVICEPACKFILES\AMD64
\WINDOWS\SYSTEM32\DLLCACHE

Do this as quickly as possible to avoid WFP (cancel if you get a prompt, WFP was acting silently for me). Check the modified date/time of the file after a couple of minutes to be sure WFP wasn't faster than you. Reboot. Smile.

Re:Event ID 4226 (0)

Anonymous Coward | more than 6 years ago | (#21965750)

Byte changes listed as "offset: new_byte old_byte".
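A checked version of the hand-patch procedure in the two comments above (and of the two-byte GlobalMemoryStatusEx edit mentioned earlier in the thread), as an added C example that is not the lvllord patcher or anything posted here: it takes a patch list in the same "offset: new old" form, and refuses to write a single byte unless the file's CRC-32 matches the expected pre-patch value and every target offset still holds the documented old byte, so a wrong build or an already-patched driver is caught before the image is touched. The toy file, its patches and its checksum are constructed for the example; the Server 2003 offsets and CRCs above are the poster's and are not reproduced here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One byte change in the "offset: new old" form used in the comments above. */
struct byte_patch {
    size_t  offset;
    uint8_t new_byte;
    uint8_t old_byte;
};

/* Standard CRC-32 (reflected, polynomial 0xEDB88320, init and final XOR
 * 0xFFFFFFFF): the value hex editors and most file tools report, so it can be
 * compared directly with a "crc32 should be" line. */
uint32_t crc32_buf(const uint8_t *buf, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Apply a patch list to an in-memory file image. Every check runs before the
 * first write, so a wrong file version (checksum mismatch), an offset past
 * the end, or a byte that no longer holds the documented old value leaves the
 * image untouched. Returns 1 if the patches were applied, 0 otherwise. */
int apply_patches(uint8_t *img, size_t len, uint32_t expected_crc,
                  const struct byte_patch *p, size_t n)
{
    if (crc32_buf(img, len) != expected_crc)
        return 0;                        /* not the build these offsets are for */
    for (size_t i = 0; i < n; i++) {
        if (p[i].offset >= len)
            return 0;                    /* offset outside the file */
        if (img[p[i].offset] != p[i].old_byte)
            return 0;                    /* already patched, or wrong build */
    }
    for (size_t i = 0; i < n; i++)
        img[p[i].offset] = p[i].new_byte;
    return 1;
}

/* Constructed toy "file" and patches for a stand-alone demonstration. The
 * CRC-32 of "123456789" is the published check value 0xCBF43926. */
const uint8_t  sample_file[9]  = "123456789";
const uint32_t sample_file_crc = 0xCBF43926u;
const struct byte_patch demo_patches[2] = {
    { 0, 'A', '1' },   /* offset 0: '1' -> 'A' */
    { 8, 'Z', '9' },   /* offset 8: '9' -> 'Z' */
};
/* A patch whose documented old byte does not match the file (offset 4 holds '5'). */
const struct byte_patch bad_patch[1] = { { 4, 0x00, 0x00 } };

int main(void)
{
    uint8_t img[sizeof sample_file];
    memcpy(img, sample_file, sizeof img);
    printf("before: crc32 %08X\n", crc32_buf(img, sizeof img));
    printf("bad patch applied: %d\n",
           apply_patches(img, sizeof img, sample_file_crc, bad_patch, 1));
    printf("good patches applied: %d\n",
           apply_patches(img, sizeof img, sample_file_crc, demo_patches, 2));
    printf("after: crc32 %08X\n", crc32_buf(img, sizeof img));
    return 0;
}
```

To use it on a real driver, read the whole file into memory, fill the patch list from the published "offset: new old" lines, pass the published pre-patch CRC, write the image back only when apply_patches returns 1, and then compare crc32_buf of the written file with the "new crc32 should be" line before rebooting. The old-byte check is what makes a second run safe: re-applying the same list to an already patched file fails closed instead of corrupting it.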

Re:Event ID 4226 (4, Informative)

Jugalator (259273) | more than 6 years ago | (#21966286)

There is a lot of misinformation spread on the lvllord patch though. The people using it often don't seem to have a good idea of what it actually does, and when it is actually mostly in effect. This should be mandatory reading [64.233.183.104] before binary patching your system files...

Re:Event ID 4226 (1)

Rupam (782199) | more than 6 years ago | (#21966434)

But won't running the patch overwrite TCPIP.SYS with version 5.1.2600.2892 again, bringing you back to a vulnerable stack??

Re:well gee (4, Funny)

nizo (81281) | more than 6 years ago | (#21965512)

It worked so well for Office 2003, perhaps Microsoft could create a patch that would keep the OS from opening insecure packets from other vendors and their older products?

Haven't you guys figured out (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21964608)

that M$ is a bunch of NIGGERS?!?!

Nigger Nigger Nigger

Re:Haven't you guys figured out (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#21964774)

Ron Paul, is that you?

Re:Haven't you guys figured out (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21965076)

No that was Romney, you can not get any more racist than being both a politician AND a mormon.

tools used (-1)

Anonymous Coward | more than 6 years ago | (#21964616)

does anyone know where i can find some "reduced cost editions" of the software used?

yeah (0)

Anonymous Coward | more than 6 years ago | (#21966062)

bindiff.exe [ed2k]

Sounds like HowStuffWorks material! (4, Funny)

Ai Olor-Wile (997427) | more than 6 years ago | (#21964628)

Hooray! Windows vulnerabilities are so commonplace now that there are public educational documentaries about their life-cycles and internals, so that the people can stay informed. Brilliant!

Re:Sounds like HowStuffWorks material! (4, Interesting)

primadd (1215814) | more than 6 years ago | (#21964890)

In case you don't know Halvar Flake, he is a master at reverse engineering and recently gave a talk at BlueHat.
Short audio [microsoft.com] clip with Halvar explaining how he analyzes MS patches for differences.

-- bookmark me [primadd.net]

Re:Sounds like HowStuffWorks material! (0, Troll)

jo42 (227475) | more than 6 years ago | (#21965678)

> how he analyzes ms patches for differences

You mean it is something other than disassemble pre, disassemble post, diff?

Mebbe I should become one of these masters...

Re:Sounds like HowStuffWorks material! (4, Insightful)

EvanED (569694) | more than 6 years ago | (#21965748)

"You mean it is something other than disassemble pre, disassemble post, diff?"

There's a little bit of actually understanding the diff in there too. That's sort of the hard part.

It's just a mistake! (4, Funny)

EmbeddedJanitor (597831) | more than 6 years ago | (#21964630)

OMG! I thought it might be a bug, but thankfully it's just a mistake!

It's a fucking advert (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21964632)

It's a fucking advert

Dang it all. (5, Funny)

palegray.net (1195047) | more than 6 years ago | (#21964644)

Darn pesky kids and their fancy buffer overflows. I outta HEAP on the insults, but I'll try to stick to my PROGRAM of keeping my smoke STACK cool.

Re:Dang it all. (5, Funny)

Anonymous Coward | more than 6 years ago | (#21964762)

You're PUSHing it. One more pun and I'll POP you in the mouth.

Re:Dang it all. (1, Funny)

Anonymous Coward | more than 6 years ago | (#21966578)

I've been PEEKing into this thread, and I think I'd better get out before I get a POKE in the eye. (Now I'm showing my age ...)

Re:Dang it all. (1, Funny)

Crzysdrs (801722) | more than 6 years ago | (#21965178)

Are you attempting to insult swordfight?

I've got a little TIP for you, get the POINT?

Re:Dang it all. (1)

AndGodSed (968378) | more than 6 years ago | (#21965310)

Oh Touche sir!

Slashvertisment (3, Insightful)

Phlegethon_River (1136619) | more than 6 years ago | (#21964694)

Yep, the submitter's email is from the company that stands to gain from more hits to this video (the ad at the end of the video).

Re:Slashvertisment (5, Insightful)

QuantumG (50515) | more than 6 years ago | (#21964948)

so? He did something (some) people consider cool.. why shouldn't he stand to gain from telling people about it?

Slashvertisment used to mean that you were claiming Slashdot was taking money to advertise something as a story. You seem to be using it to refer to anyone who submits their own website to Slashdot. Attention whore? Yes. Slashvertisment? No.

Let's get the preliminary stuff out of the way... (3, Interesting)

The Master Control P (655590) | more than 6 years ago | (#21964706)

Lol MS sux0rz! ph34r my 1337 h4x!1one

Everyone should be forced to give up manual memory allocation regardless of the power it can afford.

#include "fucktard_troll.h"

Now that that's done with, I see things like this as an argument in favor of moving stuff off of the CPU and into dedicated hardware. Why should your CPU be tied up with things at this level? The absolutely overwhelming majority of all data on every network uses one of two network layer protocols (IPv4 or IPv6) and one of two transport layer protocols (TCP or UDP). Why shouldn't those four combinations be handled by hardware, so we can leave the computer to run the applications? We already do this with 3d rendering, why not networking?

Re:Let's get the preliminary stuff out of the way. (4, Informative)

Anonymous Coward | more than 6 years ago | (#21964804)

> I see things like this as an argument in favor of moving stuff off of the CPU and into dedicated hardware. Why should your CPU be tied up with things at this level? The absolutely overwhelming majority of all data on every network uses one of two network layer protocols (IPv4 or IPv6) and one of two transport layer protocols (TCP or UDP). Why shouldn't those four combinations be handled by hardware, so we can leave the computer to run the applications? We already do this with 3d rendering, why not networking?

Do you have any idea how many millions of ethernet cards have been sold? Are they all going to be made obsolete?

These days CPUs are so fast that the minor overhead of a network driver is negligible, unless you're going to ultra-fast speeds (some high-performance network cards do offload this to hardware).

However, you still could have buffer overflows in the network drivers/firmware.

Re:Let's get the preliminary stuff out of the way. (2, Insightful)

eht (8912) | more than 6 years ago | (#21964860)

The cards won't be made obsolete, any more than 2d cards are made obsolete, a number of my machines have 2d only cards and they work fine for a large amount of the non gaming I do.

I don't think anyone advocates softmodems, so why do we tolerate mostly soft network cards.

Re:Let's get the preliminary stuff out of the way. (2, Informative)

mr_mischief (456295) | more than 6 years ago | (#21965494)

Most Ethernet cards aren't "mostly soft". The network stack is, well, a stack. The physical layer and link layer are usually handled by the card. The stuff above that might be handled in firmware or a driver, but I'd rather not have IPv4 shoved onto my Ethernet card as the only option. Some cards have gone soft to cut costs, but mid to high end cards are all hard. High-end server cards often have IP acceleration built in, but leave other options open.

Re:Let's get the preliminary stuff out of the way. (1)

themacks (1197889) | more than 6 years ago | (#21964946)

Even with a buffer overflow in the firmware of the card it would be much harder to exploit it for system access, the most you could do with it is control the network adapter (granted that is still a lot but much better than root). That is unless the application using the network card just blindly read in data without sanitizing it, in which case you are back to square one.

Re:Let's get the preliminary stuff out of the way. (1)

qbwiz (87077) | more than 6 years ago | (#21964982)

That is unless the application using the network card just blindly read in data without sanitizing it, in which case you are back to square one.


Or unless it DMAs stuff over, right on top of the kernel...

Re:Let's get the preliminary stuff out of the way. (1)

RightSaidFred99 (874576) | more than 6 years ago | (#21964924)

Software is more flexible than hardware. We have plenty of hardware to do the work, and the parts that benefit from offloading (e.g. checksumming) are already offloaded. No point to adding new hardware.

Re:Let's get the preliminary stuff out of the way. (3, Interesting)

The Master Control P (655590) | more than 6 years ago | (#21965010)

I'm so looking forward to reconfigurable hardware; that'll make the whole argument moot. The CPU as we know it will do nothing but set up reconfigurable logic units and direct data streams. You want hardware networking? Bam. Hardware complex math? Bam. Hardware neural net? Bam.

Re:Let's get the preliminary stuff out of the way. (1)

Lisandro (799651) | more than 6 years ago | (#21965066)

I'm so looking forward to reconfigurable hardware; that'll make the whole argument moot. The CPU as we know it will do nothing but set up reconfigurable logic units and direct data streams. You want hardware networking? Bam. Hardware complex math? Bam. Hardware neural net? Bam.

Behold, the bright future [wikipedia.org]!

Re:Let's get the preliminary stuff out of the way. (1)

The Master Control P (655590) | more than 6 years ago | (#21965152)

I don't mean an FPGA, I mean something like a magnetologic array. Something that's both fast and quickly reconfigurable on the fly. Scientific American had a story in the August 2005 issue if you can find it.

Re:Let's get the preliminary stuff out of the way. (1)

Scaba (183684) | more than 6 years ago | (#21965894)

Isn't that pretty much what a CPU already does?

Re:Let's get the preliminary stuff out of the way. (5, Informative)

Arainach (906420) | more than 6 years ago | (#21964964)

Because TCP and UDP headers aren't of fixed sizes and as such are incredibly difficult to handle in hardware. Hardware switching has been tried - ATM for instance - but it's not that simple. TCP/IP was designed as a software protocol, and it's an unfortunate reality that some protocols are easily handled in hardware and others are not.

IPv6 makes some steps towards having simpler hardware handling, but as long as IPv4 is still around, we won't see hardware switching become commonplace.

Re:Let's get the preliminary stuff out of the way. (2, Informative)

kelnos (564113) | more than 6 years ago | (#21965290)

Because TCP and UDP headers aren't of fixed sizes and as such are incredibly difficult to handle in hardware.
UDP headers [wikipedia.org] are always 8 bytes long. TCP headers [wikipedia.org] are indeed not fixed-length, but will always be a multiple of 4 bytes, will always be at least 20 bytes, and there's a field in the first 20 bytes that tells how large the header is. All of this can certainly be interpreted by hardware, but, as usual, it's cheaper to do it in software.
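The header rules kelnos describes, written out as the bounds checks a receiver (whether in software or in silicon) has to make before it touches the payload. This is an added example, not code from the thread; the sample segments are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* RFC 793: TCP header is at least 20 bytes (5 words); RFC 768: UDP header is exactly 8. */
#define TCP_MIN_HDR 20u
#define UDP_HDR_LEN 8u

/* Where the transport header ends and how many payload bytes follow it. */
struct tl_view {
    size_t hdr_len;
    size_t payload_len;
};

/* Read the 4-bit Data Offset field (high nibble of byte 12) of a TCP segment, convert
 * 32-bit words to bytes, and enforce the rules from the post: at least 20 bytes, a
 * multiple of 4 (implied by the word encoding), and no longer than the bytes present.
 * On any violation return false so the caller never derives an oversized payload length. */
bool tcp_header_view(const uint8_t *seg, size_t seg_len, struct tl_view *out)
{
    if (seg == NULL || out == NULL || seg_len < TCP_MIN_HDR)
        return false;                          /* offset byte may not even exist */
    size_t hdr = (size_t)(seg[12] >> 4) * 4u;  /* data offset, in bytes */
    if (hdr < TCP_MIN_HDR || hdr > seg_len)
        return false;                          /* bogus offset or truncated segment */
    out->hdr_len = hdr;
    out->payload_len = seg_len - hdr;
    return true;
}

/* UDP: the header is always 8 bytes and its Length field (bytes 4-5) counts header
 * plus payload, so it must lie between 8 and the number of bytes actually present. */
bool udp_header_view(const uint8_t *dg, size_t dg_len, struct tl_view *out)
{
    if (dg == NULL || out == NULL || dg_len < UDP_HDR_LEN)
        return false;
    size_t declared = ((size_t)dg[4] << 8) | dg[5];
    if (declared < UDP_HDR_LEN || declared > dg_len)
        return false;
    out->hdr_len = UDP_HDR_LEN;
    out->payload_len = declared - UDP_HDR_LEN;
    return true;
}

/* Wrappers that reduce the result to "payload length, or -1 if the header was rejected". */
long tcp_payload_len(const uint8_t *seg, size_t seg_len)
{
    struct tl_view v;
    return tcp_header_view(seg, seg_len, &v) ? (long)v.payload_len : -1L;
}
long udp_payload_len(const uint8_t *dg, size_t dg_len)
{
    struct tl_view v;
    return udp_header_view(dg, dg_len, &v) ? (long)v.payload_len : -1L;
}

/* Constructed sample: 24-byte TCP header (data offset 6, one MSS option) + 4 payload bytes. */
const uint8_t sample_tcp[28] = {
    0x00, 0x50, 0x1f, 0x90,             /* src port 80, dst port 8080 */
    0x00, 0x00, 0x00, 0x01,             /* sequence number */
    0x00, 0x00, 0x00, 0x00,             /* acknowledgement number */
    0x60, 0x02, 0xff, 0xff,             /* data offset 6, SYN, window */
    0x00, 0x00, 0x00, 0x00,             /* checksum, urgent pointer */
    0x02, 0x04, 0x05, 0xb4,             /* MSS option, 1460 */
    'd', 'a', 't', 'a'
};
/* Constructed sample: data offset claims only 4 words, below the 20-byte minimum. */
const uint8_t sample_tcp_short_offset[20] = { [12] = 0x40 };
/* Constructed sample: UDP datagram whose Length field (12) = 8 header + 4 payload. */
const uint8_t sample_udp[12] = { 0x00, 0x35, 0x00, 0x35, 0x00, 0x0c, 0x00, 0x00, 1, 2, 3, 4 };
/* Constructed sample: UDP Length field (0x20 = 32) exceeds the 12 bytes present. */
const uint8_t sample_udp_overlong[12] = { 0x00, 0x35, 0x00, 0x35, 0x00, 0x20, 0x00, 0x00, 1, 2, 3, 4 };
```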

..and then you've got MPLS, Q, QinQ, et cetera.. (1)

kriss (4837) | more than 6 years ago | (#21966492)

Well, for starters you'd need to actually *find* the IP header in the frame before you start mooking around for the transport headers.

Re:Let's get the preliminary stuff out of the way. (1)

4D6963 (933028) | more than 6 years ago | (#21964986)

Everyone should be forced to give up manual memory allocation regardless of the power it can afford.

I beg your pardon?? What is it you're suggesting with that respect exactly?

Re:Let's get the preliminary stuff out of the way. (0)

Anonymous Coward | more than 6 years ago | (#21965296)

I beg your pardon?? What is it you're suggesting with that respect exactly?
I think he's suggesting the .NET framework.

Re:Let's get the preliminary stuff out of the way. (1)

4D6963 (933028) | more than 6 years ago | (#21966358)

I think he's suggesting the .NET framework.

Quite what I was afraid I understood. If you're afraid of doing dynamic allocation yourself you shouldn't be allowed to use a real programming language in the first place anyways. I mean seriously, that trend that consists in going "eww, dynamic allocation", "omg, a pointer, what is that thing!?" or even "I wonder how people could live without garbage collection" makes people sound like sissies.

Re:Let's get the preliminary stuff out of the way. (1, Insightful)

Anonymous Coward | more than 6 years ago | (#21965006)

The problem is more fundamental than smarter network hardware, it's the CPU/Memory architecture. Long ago, there were computers that had dedicated hardware for memory content management. Two schemes were used: segment descriptors and memory tag bits. The segment hardware checked that addresses for the data structure fell inside the segment memory limits, and tag bits described memory contents (i.e. integer, float, pointer, etc). This was in the days when logic and memory were much more expensive than today. These design choices made the machines much more reliable.

Specifically I'm referring to Symbolics Lisp Machines and Burroughs stack machines, both of which had very low software failure rates. Even when a program crashed, the OS kept going. Note that both of these computers had all their main software written in high level languages that had automatic garbage collection that was integrated with the hardware memory support.

Unfortunately, the quest for performance eliminated these features. Realistically, without hardware support software will never be very reliable. (Even with better hardware there will still be problems, but the current situation will never be very good.) Now that logic and memory are cheap and reliability is a critical issue, we should be considering putting resources into these kinds of reliability checks. What are we doing instead? Putting more cores on the die. Yeah, more multi-threading will make software even more reliable in the future.

Re:Let's get the preliminary stuff out of the way. (1)

Hal_Porter (817932) | more than 6 years ago | (#21965460)

That's not really fair. OSs now use virtual memory for protection. There are schemes to use canaries on the stack so that buffer overflows are guaranteed to cause a crash rather than an exploit - software can be updated over the net to fix the crashes. There is a move to VM based software like Java and .Net that uses garbage collection and can be statically verified before it is JITted to native code.

I don't really believe that segment based protection could ever have eliminated stack overflow exploits at an acceptable performance level. Look at the assembler for a function that uses stack variables - they are all allocated by a single subtract operation. If they were allocated individually as far pointers the OS would need to be called for each one. It would need to switch to kernel mode and modify the descriptor table and then return. Once the function was done the whole process would need to be repeated. Most C functions would run hundreds of times slower if this was the case.

The performance cost of VM based solutions is far lower and they can still be run on current PCs, not some radically new architecture which would probably spend most of its short life emulating old code badly anyway. E.g. if you look at Itanium it is far less radical than a stack based machine and yet it still failed because it had a relatively minor performance disadvantage on old binaries.

Re:Let's get the preliminary stuff out of the way. (1, Funny)

Anonymous Coward | more than 6 years ago | (#21965012)

Everyone should be forced to give up manual memory allocation regardless of the power it can afford.
I wonder how you will program dynamic memory allocation without using manual memory allocation. ;)

Re:Let's get the preliminary stuff out of the way. (4, Informative)

guruevi (827432) | more than 6 years ago | (#21965026)

TCP/IP offloading is already done on-chip by several network cards. Spend $10-$50 more on a network card and you would get it. Of course a lot of TCP/IP is still handled in the kernel of the OS just because it is too flexible to be done on-chip. Of course, if you need more performance along the lines of firewalling or traffic shaping, you could get an external appliance that handles it.

Re:Let's get the preliminary stuff out of the way (3, Insightful)

Lisandro (799651) | more than 6 years ago | (#21965038)

Because Ethernet is a physical component [wikipedia.org] of the networking chain; protocols other than TCP or UDP can be (and are!) implemented.

Besides, networking is something that barely taxes CPU power on every processor made from the Intel Pentium days to this date, unlike 3D acceleration. There's little justification to lose the flexibility provided by running it in software to get a negligible CPU performance increase.

And yes, hardware can be buggy too. There's a shitload of issues with specific hardware that are addressed on their device drivers - again, easier to solve in software than to fix in hardware. Even CPUs suffer from this.

Re:Let's get the preliminary stuff out of the way. (1)

alexmin (938677) | more than 6 years ago | (#21965096)

Because in the end an application is going to get a packet of arbitrary size from the network stack and has to allocate a buffer accordingly. This is the nature of asynchronous communication.

Re:Let's get the preliminary stuff out of the way. (1)

complete loony (663508) | more than 6 years ago | (#21965398)

Some ethernet hardware can offload a number of expensive yet common operations to be done in hardware. But it doesn't always work [google.com].

Yes, let's do just that... (4, Insightful)

gillbates (106458) | more than 6 years ago | (#21965710)

Because as we all know, manual memory allocation is hard to understand. Programmers shouldn't have to know basic math, right?

Why don't we just make a language that does it automatically, and then we won't have any problems like this? Right?!

Those of us who cut their teeth on assembly and C look at this and just wonder in wide amazement. A part of us wonders how anyone could be so negligent - but the other part knows how things work in proprietary software shops. (A hint - the management doesn't consider it a bug unless the customer notices it.) Yes, we've all done this before, but the solution isn't to create a language which dumbs down the programmer (Dude - you're writing directly to memory!!! You must be some kind of uber-hacker!!). Rather, there are steps you can take to virtually eliminate this kind of problem:

  1. A different language isn't the solution (cue the Java trolls). The problem is that the programmer did not know how to correctly allocate the buffer, didn't bother to calculate the size needed, or was just plain sloppy. A sloppy C programmer makes an even sloppier Java programmer; if one can't be bothered to understand the details, they won't be saved by switching to another language.
  2. People do make mistakes, and the field of software engineering knows this. That's why we advocate things like Formal Technical Reviews - where other engineers review the code you've written. Even if the author of this abomination was fresh out of college and didn't know any better, a thorough review would have caught the mistake.
  3. A good system test plan would have a.) known that such vulnerabilities are common, and b.) stress tested the code for this very situation. One thing I like to do in testing is to put values into fields that are one larger than what the program expects. Does it overflow? Does it crash? Does it correctly detect and properly handle the incorrect input? A good test program would have caught this bug even if the review had missed it.
  4. There are automated tools which can find buffer overflows, uninitialized variables, and the like. Why weren't they used? Or, perhaps they were...
  5. The most likely cause of this bug was not a sloppy programmer, or a bad choice of language (in fact, at this level, Java and C++ are pretty much out because of the performance issues.), but rather, a company that chose to forego the requisite design, review, and testing needed to produce a high quality product. Microsoft's customers have become so accustomed to buggy software that releasing a bug like this - and patching it later - is par for the course. From a business perspective, a buffer overflow is probably considered nothing more than a contingency that has to be dealt with eventually, that need not stop a product from shipping.

You know, there was a time when formal methods were taught, when programmers were expected to know how to properly allocate and release memory. When things like calculating the size of the buffer, applying basic math(!) and testing your own code were considered just a part of the programmer's job. Now we're hearing people blame languages for the faults of the programmer.

If I keep going, I suppose I'll start to sound like Bill Cosby. But consider this: the most reliable operating systems to date were built on C (UNIX) and assembly (MVS). If a bunch of old farts (well, perhaps they were young then...) can crank out correct, reliable, fast code without an IDE and a bunch of GUI tools, clearly the language is not to blame.

The old adage still applies: a poor workman blames his tools. Software engineering works, regardless of the implementation language. This isn't a failure of the language or the environment, but rather, failure to do software engineering right:

  1. The programmer made the initial mistake, and
  2. Then no review of the code was performed, or all of the reviewers missed it, and
  3. No automated audit of the code was done, or the results were ignored, and
  4. The code wasn't properly tested, if it was tested at all, or
  5. The company knew about the problem and chose to ship the software anyway, and issue a patch later. That way, a security vulnerability wouldn't cost them money.

This failure isn't a technical problem, it's an ethical one. Some companies simply cut corners on software engineering.

Re:Yes, let's do just that... (1)

WNight (23683) | more than 6 years ago | (#21966378)

You are right, but if you have to calculate buffer size manually

buf_size = header_len + packetlen + sizelen + crclen + paddinglen;
my_buf = malloc(buf_size); // barf if my_buf is null
memcpy(my_buf, in_buf, buf_size); // destination first, then source

there's simply a lot more to code than in Ruby. While in theory you can make it as safe, in practice you've simply got 8+ times as much code, and checking it for correctness takes a lot longer.

Similarly, in languages like Ruby you can iterate through a collection without loop variables, without writing yet another for loop.

C:

char foo[20] = "test string"
for (i=0;i [1105, 190, 1195, 1120, 1135, 166, 187, 163, 1168, 1183]

No buffer checking needed - if it fails to allocate it'll die cleanly at least. Or you can catch the exception and do whatever you want.

There's no need to write in C unless you need its features. There's just too much code, and with that code, more chance of errors - not to mention that it's harder code...

When testing a buffer, throwing something a bit longer at it is good. I tend to just copy a whole slashdot discussion or something else huge and try to paste it into every control I can. That catches the programmers who just allocate large static buffers.

Programmer: "You can't send back a 200k web request! That form only allowed 300 characters."
Me: "Yes, until I used the Firefox DOM viewer to change it - just like a hacker would. Verify your input!"

Re:Yes, let's do just that... (2, Informative)

WNight (23683) | more than 6 years ago | (#21966424)

Pardon the other post - I forgot code with gt/lt symbols doesn't paste well...

You are right, but if you have to calculate buffer size manually

C:

buf_size = header_len + packetlen + sizelen + crclen + paddinglen;
my_buf = malloc(buf_size);
if (NULL == my_buf) ... // barf if my_buf is null
memcpy(my_buf, in_buf, buf_size); // destination first, then source


there's simply a lot more to code than in Ruby. While in theory you can make it as safe, in practice you've simply got 8+ times as much code, and checking it for correctness takes a lot longer.

Similarly, in languages like Ruby you can iterate through a collection without loop variables, without writing yet another for loop.

C:

char foo[20] = "test string";
for (i = 0; i < strlen(foo); i++) { ... foo[i] }


Ruby:

foo = "test string"
foo.each_char {|c| ... c }


This savings is exaggerated if you write more complex code:

a = []
10.times { a << (rand * 100).to_i }
puts a.collect {|n| n * 3 }.collect {|n| n = ('1' + n.to_s).to_i }.sort_by {|n| n % 5 }.inspect

prints: [1105, 190, 1195, 1120, 1135, 166, 187, 163, 1168, 1183]

No buffer checking needed - if it fails to allocate it'll die cleanly at least. Or you can catch the exception and do whatever you want.

There's no need to write in C unless you need its features. There's just too much code, and with that code, more chance of errors - not to mention that it's harder code...

When testing a buffer, throwing something a bit longer at it is good. I tend to just copy a whole slashdot discussion or something else huge and try to paste it into every control I can. That catches the programmers who just allocate large static buffers.

Programmer: "You can't send back a 200k web request! That form only allowed 300 characters."
Me: "Yes, until I used the Firefox DOM viewer to change it - just like a hacker would. Verify your input!"
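The buffer-size calculation WNight sketches, carried through in C with the safeguards the thread's subject lacked: the size is computed once with overflow detection and handed back alongside the buffer, every copy is bounded by it, and gillbates's "one byte larger than expected" test is expressed as a function. This is an added example, not code from either post; the frame layout (4-byte length header, payload, 4-byte CRC) and the sample payload are constructed assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Framing assumed by this example: 4-byte big-endian length, payload, 4-byte CRC. */
#define HDR_LEN 4u
#define CRC_LEN 4u

/* Checked addition: false instead of silently wrapping past SIZE_MAX. */
static bool add_sz(size_t a, size_t b, size_t *out)
{
    if (a > SIZE_MAX - b)
        return false;
    *out = a + b;
    return true;
}

/* The shape of mistake the thread is about: one term of the sum is forgotten,
 * so the buffer comes out CRC_LEN bytes short and the last copy overruns it. */
size_t frame_size_buggy(size_t payload_len)
{
    return HDR_LEN + payload_len;              /* missing + CRC_LEN */
}

/* Correct size with wrap-around detection; 0 means the total does not fit in size_t. */
size_t frame_size(size_t payload_len)
{
    size_t n;
    if (!add_sz(payload_len, HDR_LEN, &n) || !add_sz(n, CRC_LEN, &n))
        return 0;
    return n;
}

/* gillbates's test as a function: a payload one byte larger than a receive
 * buffer allows must be rejected rather than copied. */
bool frame_fits(size_t capacity, size_t payload_len)
{
    size_t need = frame_size(payload_len);
    return need != 0 && need <= capacity;
}

/* Build a frame in a fresh allocation. Every write is bounded by the size that
 * was actually allocated, and that size is returned to the caller so the two
 * numbers cannot drift apart. Returns NULL on any failure. */
uint8_t *frame_build(const uint8_t *payload, size_t payload_len, uint32_t crc, size_t *out_len)
{
    size_t need = frame_size(payload_len);
    if (payload == NULL || out_len == NULL || need == 0 || payload_len > UINT32_MAX)
        return NULL;
    uint8_t *buf = malloc(need);
    if (buf == NULL)
        return NULL;                           /* "barf if my_buf is null" */
    uint32_t plen = (uint32_t)payload_len;
    buf[0] = (uint8_t)(plen >> 24); buf[1] = (uint8_t)(plen >> 16);
    buf[2] = (uint8_t)(plen >> 8);  buf[3] = (uint8_t)plen;
    memcpy(buf + HDR_LEN, payload, payload_len);   /* destination first, then source */
    uint8_t *tail = buf + HDR_LEN + payload_len;   /* exactly CRC_LEN bytes remain */
    tail[0] = (uint8_t)(crc >> 24); tail[1] = (uint8_t)(crc >> 16);
    tail[2] = (uint8_t)(crc >> 8);  tail[3] = (uint8_t)crc;
    *out_len = need;
    return buf;
}

/* Self-check on constructed input: frames "hello" with CRC 0xdeadbeef and
 * verifies the layout. Returns 1 on success, 0 on any mismatch. */
int frame_build_check(void)
{
    static const uint8_t payload[5] = { 'h', 'e', 'l', 'l', 'o' };
    size_t n = 0;
    uint8_t *f = frame_build(payload, sizeof payload, 0xdeadbeefu, &n);
    if (f == NULL)
        return 0;
    int ok = n == 13 && f[3] == 5 && memcmp(f + 4, payload, 5) == 0
          && f[9] == 0xde && f[12] == 0xef;
    free(f);
    return ok;
}
```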

Re:Let's get the preliminary stuff out of the way. (2, Insightful)

Anonymous Coward | more than 6 years ago | (#21966020)

The absolutely overwhelming majority of all data on every network uses one of two network layer protocols (IPv4 or IPv6) and one of two transport layer protocols (TCP or UDP).

You forgot ICMP. And even if you had remembered it, the bug was in IGMP, which is still not on your list, and would thus need to be implemented in software anyway. Sure, IGMP is not used that much, but it only takes one bad guy to send the packet that takes over your system.

Re:Let's get the preliminary stuff out of the way. (1)

ultranova (717540) | more than 6 years ago | (#21966306)

Everyone should be forced to give up manual memory allocation regardless of the power it can afford.

Considering that Firefox crashes whenever I happen to hit the "Insert" key when writing a reply on Slashdot, and randomly otherwise, I'm inclined to agree. Programmers, in general, are apparently incapable of dealing with memory management or bounds checking, so they should just use automation.

Of course simply moving them to Java will just have them do things like starting threads from object constructors (which causes all kinds of weird and wonderful bugs), use 100+ threads for low-volume network communication (I'm looking at you, Freenet) and in general write such inefficient code that a lookalike but less featured remake of a DOS-era game running on a 1 GHz machine feels like watching a glacier (FreeCol, that means you).

Most programmers are incompetent, there's no getting around that. And giving more power to an incompetent is probably not such a bright idea.

Sorry about the rant. I blame it on Firefox crashing three times this morning.

Re:Let's get the preliminary stuff out of the way. (1)

sp3d2orbit (81173) | more than 6 years ago | (#21966446)

Forget these other retards. Your hardware idea is one of the best I've ever heard.

Write it out in VHDL, get an FPGA, and take the proof of concept to someone with money. Any web server admin with half a brain can see why having your TCP/IP stack in hardware is preferential to software, even if it does replace the ethernet card.

Fantastic!!!

How about http://blogs.technet.com/swi/ (4, Informative)

PerfectSmurf (882935) | more than 6 years ago | (#21964766)

Or you could read about it on the Security Vulnerability Research and Defense blog at http://blogs.technet.com/swi/ [technet.com]

Windows is open-sores software (2, Funny)

Junior J. Junior III (192702) | more than 6 years ago | (#21964812)

This movie (Flash required) goes through the process of examining the 'pre-patch' version of tcpip.sys and comparing it against the 'post-patch' version of tcpip.sys. This comparison yields the actual code that

See? And they said without FOSS, this couldn't be done!

Re:Windows is open-sores software (4, Interesting)

totally bogus dude (1040246) | more than 6 years ago | (#21964882)

The difference is that if it was FOSS, they'd be able to see the comment saying "// this doesn't match the specs but it worked for me in the test I did, so the specs must be wrong."

Re:Windows is open-sores software (2, Interesting)

Hal_Porter (817932) | more than 6 years ago | (#21965622)

I dunno about that. That assumes the original programmer knew the code was incomplete. Most of the time code has sat around for ages and been looked at by hundreds of people without anyone thinking about a situation where it would fail. Admittedly it's a lot easier to fix code if you have the source code, but it doesn't make it any easier to spot bugs. Whoever said "many eyeballs make all bugs shallow" has never worked for a company with thousands of developers building real time systems. Maybe it's true of Perl scripts and the like.

Re:Windows is open-sores software (3, Insightful)

mystik (38627) | more than 6 years ago | (#21965118)

The difference is that this is legally questionable. I'm pretty sure the license forbids reverse compilation and disassembly like this ....

With FOSS, you know exactly what your rights are.

Re:Windows is open-sores software (0)

WNight (23683) | more than 6 years ago | (#21966272)

While FOSS is nice because nobody is lying about what your rights are, in reality, there is no valid law that would forbid you from reverse engineering.

When you buy Windows or a computer with Windows, at a retail store, there's no license attached to it. What looks like a sale is. Sales can *NOT* be encumbered by post-sale contracts. Therefore, Windows, which is sold, isn't licensed.

There's only a license if you're negotiating a volume license with MS directly. In that case they could ask for your first-born, NDAs, etc... good reason to not deal with them directly.

Re:Windows is open-sores software (2, Interesting)

kevmatic (1133523) | more than 6 years ago | (#21965322)

Oh, sure, because traversing dozens of lines of "Mov EAX,$4B456E5" and whatever is comparable to looking at original source code. Disassembling is pretty poor for this sort of thing; you really need to start with it narrowed down, like this guy did by diffing it. Most of the time you'll be looking at whole executables if you want to do something like this.

Also, though its educational purposes are undeniable and it certainly is interesting, to say the least, what good is it? It can only be used to make one or two minor changes or a single bugfix after hours of work. Even then it's a license violation.

There are lots of good reasons to have closed-source software, but saying that something like this invalidates one of OSS's biggest advantages is incorrect, regardless of your closed/open leanings.

Re:Windows is open-sores software (3, Informative)

Junior J. Junior III (192702) | more than 6 years ago | (#21965608)

Geez, I can't believe how many people took my grandparent post seriously, like I was actually advocating that you can audit the source code of closed-source software for security holes by decompiling it. Well, I mean, you could, but it'd be fairly ridiculous.

A couple of people on Usenet are complaining that (1)

zonky (1153039) | more than 6 years ago | (#21964856)

win32time service is broken in their Active Directory environment post these updates. It is as yet unclear if they are related.

Best resume ever (1)

Noodly Appendage (1174865) | more than 6 years ago | (#21964992)

In flash no less! Someone's about to leave somewhere for a lot more money.

despair.com says it best (2, Funny)

dave55699 (1215870) | more than 6 years ago | (#21965342)

"It could be that the purpose of your life is only to serve as a warning to others." http://despair.com/mis24x30prin.html [despair.com]

What about Windows 2000 ? (0)

Anonymous Coward | more than 6 years ago | (#21965978)

For the few people, who are hanging to their Windows 2000 for dear life ?

Re:What about Windows 2000 ? (1)

the_greywolf (311406) | more than 6 years ago | (#21966336)

We've already abandoned it for Linux.

I still have (and occasionally use) my server edition license, though.
