A denial of service vulnerability report was filed against a program, let’s call it Notepad. The actual text of the report was very hard to understand because the grammar was all messed up. I’ll give the finder the benefit of the doubt on the assumption that they are not a native English speaker. Here’s a cleaned-up version:<\/p>\n
If you open multiple documents, one very large document and several small documents, and then try to exit all of them at once, the program will take a very long time saving the large document, resulting in a denial of service against the small documents.<\/p><\/blockquote>\n
I’m not sure what the point is here. The program does eventually finish saving the large document, so everything works out in the end. Are they suggesting that the program should save the smallest documents first? But then wouldn’t that be a denial of service against the large document if you had lots of small documents?<\/p>\n
But wait, let’s ask the standard questions.<\/p>\n
Who is the attacker?<\/p>\n
I guess the attacker is the person who opened the very large document.<\/p>\n
Who is the victim?<\/p>\n
The victim is the person who is unable to save their small documents because the large document is hogging the program.<\/p>\n
What has the attacker gained?<\/p>\n
The attacker has annoyed the victim temporarily.<\/p>\n
But wait, the attacker and the victim are the same person!<\/p>\n
It’s not a security vulnerability that you have the power to annoy yourself. Other ways include “Putting itching powder in your pants” and “Throwing your glasses in the trash.”<\/p>\n
Furthermore, there is no impact on other users, or even to other apps by this user. The only person you’re denying service to is yourself.<\/p>\n
If you’re concerned about the order in which files are saved on close, you could explicitly close them in the desired order, like, I dunno, most important files first? Removable drives first?<\/p>\n
And really, it’s not clear what the finder was expecting here. You loaded a large file, and now you’re saving it. Why is it surprising that this takes a long time?<\/p>\n
This was resolved as “Not a vulnerability” with the subcategory “By design.” But sometimes I wish there was subcategory “So what did you expect?”<\/p>\n","protected":false},"excerpt":{"rendered":"
I mean, it’s what you asked it to do.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[26],"class_list":["post-111731","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-other"],"acf":[],"blog_post_summary":"
I mean, it’s what you asked it to do.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/111731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=111731"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/111731\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=111731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=111731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=111731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}