{"id":31703,"date":"2006-03-31T10:00:15","date_gmt":"2006-03-31T10:00:15","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2006\/03\/31\/the-network-interoperability-compatibility-problem-first-follow-up-of-many\/"},"modified":"2006-03-31T10:00:15","modified_gmt":"2006-03-31T10:00:15","slug":"the-network-interoperability-compatibility-problem-first-follow-up-of-many","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20060331-15\/?p=31703","title":{"rendered":"The network interoperability compatibility problem, first follow-up of many"},"content":{"rendered":"

\nOkay,\n\nthere were an awful lot of comments yesterday<\/a>\nand it will take me a while to work through them all.\nBut I’ll start with some more background on the problem\nand clarifying some issues that people had misinterpreted.\n<\/p>\n

\nAs a few people surmised, the network file server software\nin question is Samba,\na version of which comes with most Linux distributions.\n(I’ll have to do a better job next time of disguising the\nidentities of the parties involved.)\nSamba is also very popular as the network file server for\nembedded devices such as network-attached storage.\nThe bug in question is fixed in the latest version of Samba,\nbut none of the major distributions have picked up the fix yet.\nNot that that helps the network-attached storage scenario any.\n<\/p>\n

\nIt appears that a lot of people though the buggy driver\nwas running on the Windows Vista machine,\nsince they started talking about\n\ndriver certification<\/a>\nand\n\nblocking its installation<\/a>.\nThe problem is not on the Windows Vista machine;\nthe problem is on the file server, which is running Linux.\nWHQL does not certify Linux drivers,\nit can’t stop you from installing a driver\non some other Linux machine,\nand it certainly can’t\n\ndownload an updated driver and somehow upgrade your Linux machine\nfor you<\/a>.\nRemember, the bug is on the server<\/strong>,\nwhich is another computer running some other operating system.\nAsking Windows to update the driver on the remote server makes about\nas much sense as asking Internet Explorer to upgrade the version\nof Apache running on slashdot.org.\nYou’re the client; you have no power over the server.\n<\/p>\n

\nSome people lost sight of the network-attached storage scenario,\nprobably because they weren’t familiar with the term.\nA network-attached storage device is a self-contained device\nconsisting of a large hard drive, a tiny computer, and a place\nto plug in a network cable.\nThe computer has an operating system burned into its ROMs\n(often a cut-down version of Linux with Samba),\nand when you turn it on, the device boots the computer,\nloads the operating system, and acts as a file server on your network.\nSince everything is burned into ROM,\nclaiming that\n\nthe driver will get upgraded and the problem will eventually be long\nforgotten<\/a>\nis wishful thinking.\nIt’s not like you can download a new Samba driver and install\nit into your network-attached storage device.\nYou’ll have to wait for the manufacturer to release a new ROM.\n<\/p>\n

\nAs for detecting a buggy driver, the CIFS protocol doesn’t\nreally give the client much information about what’s running\non the server, aside from a “family” field that identifies\nthe general category of the server (OS\/2, Samba, Windows NT, etc.)\nAll that a client can tell, therefore, is “Well, the server\nis running some version of Samba.”\nIt can’t tell whether it’s a buggy version or a fixed version.\nThe only way to tell that you are talking to a buggy server\nis to wait for the bug to happen.\n<\/p>\n

\n(Which means that people who said, “Windows Vista should just default\nto the slow version,” are saying that they want Windows Vista\nto run slow against Samba servers and fast against Windows NT servers.\nThis plays right into the hands of the conspiracy theorists.)\n<\/p>\n

\nMy final remark for today is explaining how a web site can\n“bloat the cache” of known good\/bad servers and create a denial\nof service if the cache did not have a size cap:\nFirst, set up a DNS server that directs all requests for *.hackersite.com\nto your Linux machine.\nOn this Linux machine, install one of the buggy versions of Samba.\nNow serve up this web page:\n<\/p>\n

\n<IFRAME SRC=\"\\\\a1.hackersite.com\\b\" HEIGHT=1 WIDTH=1><\/IFRAME>\n<IFRAME SRC=\"\\\\a2.hackersite.com\\b\" HEIGHT=1 WIDTH=1><\/IFRAME>\n<IFRAME SRC=\"\\\\a3.hackersite.com\\b\" HEIGHT=1 WIDTH=1><\/IFRAME>\n<IFRAME SRC=\"\\\\a4.hackersite.com\\b\" HEIGHT=1 WIDTH=1><\/IFRAME>\n...\n<IFRAME SRC=\"\\\\a10000.hackersite.com\" HEIGHT=1 WIDTH=1><\/IFRAME>\n<\/pre>\n
\nEach of those IFRAME<\/code>s displays an Explorer window\nwith the contents of the directory \\\\a1.hackersite.com\\b<\/code>.\n(Since all the names resolve to the same machine,\nall the \\\\*.hackersite.com<\/code> machines are really the same.)\nIn that directory, put 200 files, so as to trigger the\n“more than 100 files” bug and force Windows Vista to cache the server\nas a “bad” server.\nIn this way, you forced Windows Vista to create ten thousand records\nfor the ten thousand bad servers you asked to be displayed.\nThrow in a little more script and you can turn this into a loop that\naccesses millions of “different” servers (all really the same server).\nIf the “bad server” cache did not have a cap, you just allowed a\nbad server to consume megabytes of memory that will never be freed\nuntil the computer is rebooted.\nPretty neat trick.\n<\/p>\n
\nEven worse, if you proposed preserving this cache across reboots,\nthen you’re going to have to come up with a place to save this information.\nWhether you decide that it goes in a file or in the registry,\nthe point is that an attacker can use this “bloat attack” and cause\nthe poor victim’s disk space\/registry usage to grow without bound\nuntil they run out of quota.\nAnd once they hit quota, be it disk quota or registry quota,\nnot only do bad things start happening, but they don’t even know\nwhat file or registry key they have to delete to get back under quota.\n<\/p>\n
\nNext time, I’ll start addressing some of the proposals that people came\nup with, pointing out disadvantages that they may have missed\nin their analysis.<\/p>\n","protected":false},"excerpt":{"rendered":"
Okay, there were an awful lot of comments yesterday and it will take me a while to work through them all. But I’ll start with some more background on the problem and clarifying some issues that people had misinterpreted. As a few people surmised, the network file server software in question is Samba, a version […]<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[26],"class_list":["post-31703","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-other"],"acf":[],"blog_post_summary":"
Okay, there were an awful lot of comments yesterday and it will take me a while to work through them all. But I’ll start with some more background on the problem and clarifying some issues that people had misinterpreted. As a few people surmised, the network file server software in question is Samba, a version […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/31703","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=31703"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/31703\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=31703"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=31703"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=31703"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}