May 29th, 2014

It rather involved being on the other side of this airtight hatchway: Denial of service by high CPU usage

We received the following security vulnerability report:

Windows is vulnerable to a denial of service attack that consumes 100% CPU.

  1. Use the following procedure to create a file that is enchanted by magic pixie dust: […]
  2. Rename the file to TEST.EXE.
  3. Execute as many copies of the program as you have CPU cores.

Observe that CPU usage climbs to 100% and never goes down. This a clear demonstration that Windows is vulnerable to a denial of service attack from magic pixie dust.

The magic pixie dust is a red herring. This vulnerability report is basically saying “If you are allowed to run arbitrary programs, then it is possible to run a program that consumes all the available CPU.”

Well, duh.

This is another case of if I can run an arbitrary program, then I can do arbitrary things, also known as MS07-052: Code execution results in code execution. (Or in the lingo of Internet memes, “High CPU is high.”)

Now, of course, if the magic pixie dust somehow allows a user to do things like access resources they do not have access to, or to circumvent resource usage quotas, then there would be a serious problem here, and if the high CPU usage could be triggered remotely, then there is a potential for a denial-of-service attack. But there was nothing of the sort. Here’s a much less complicated version of magic pixie dust:

int __cdecl main(int, char **) { for (;;) { } /*NOTREACHED*/ }
Topics
Other

Author

Raymond has been involved in the evolution of Windows for more than 30 years. In 2003, he began a Web site known as The Old New Thing which has grown in popularity far beyond his wildest imagination, a development which still gives him the heebie-jeebies. The Web site spawned a book, coincidentally also titled The Old New Thing (Addison Wesley 2007). He occasionally appears on the Windows Dev Docs Twitter account to tell stories which convey no useful information.

0 comments

Discussion are closed.