[7559] in bugtraq
Re: Object tag crashes Internet Explorer 4.0
daemon@ATHENA.MIT.EDU (Paul Leach)
Fri Aug 7 16:22:53 1998
Date: Thu, 6 Aug 1998 14:21:31 -0700
Reply-To: Paul Leach <paulle@MICROSOFT.COM>
From: Paul Leach <paulle@MICROSOFT.COM>
X-To: Pascal Gienger <p@znet.de>
To: BUGTRAQ@NETSPACE.ORG
> -----Original Message-----
> From: Pascal Gienger [mailto:p@znet.de]
> Sent: Thursday, August 06, 1998 1:51 PM
>
> See also the posting about taking Web Pages as INPUT to a program. The only
> right way IMHO to do it.
We do take it as input. If that input has (e.g.) long file names that
exercise buffer overrun bugs, we fix it. If it has syntax errors, we report
that.

What has gotten completely lost is that all I said was: If that input is
(essentially) a program that might contain infinite loops or recursion, we
do not attempt to thoroughly examine the program to determine if they exist,
because the Turing machine halting theorem says that it is _in general_
impossible to write a program that does that.

Instead, the program is executed (if IE is configured to even let such
programs run), and if the stack overflows, the screen will be redrawn, and
the window on the page you were viewing will disappear. The system and
other programs running at the same time will be unaffected. To continue
browsing the web, you'll have to double click on the browser icon again. If
anyone has seen behavior other than this, let me know.
> A program being able to crash based solely on user input is
> buggy. There are no chances to turn that around.
It's a bug. I never said otherwise. What I did say is that it wasn't
possible to fix it by examining the contents of the web page to decide not
to execute it if it had an infinite recursion.

I will also say that we'll fix buffer overrun bugs, privacy violation bugs,
loss of data bugs, unauthorized access to data bugs, and server DoS bugs
ahead of this kind of bug.
Paul
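
The distinction drawn in the message above, between proving in advance that content terminates and bounding it while it runs, can be shown with a small model. This is an added example, not code from the message or from Internet Explorer; the page names, the `fetch` callback and the limits are assumptions made for illustration.

```python
class EmbedBudgetExceeded(Exception):
    """Raised when expansion is cut off at run time."""

def render(name, fetch, max_depth=32, max_pages=1000):
    """Expand a page and everything it embeds; return the number of pages loaded.

    fetch(name) returns the names a page embeds. Nothing tries to prove in
    advance that expansion terminates; a budget is enforced while it runs.
    """
    loaded = 0

    def expand(page, depth, ancestors):
        nonlocal loaded
        if page in ancestors:          # catches direct or indirect self-embedding
            raise EmbedBudgetExceeded("cycle")
        if depth > max_depth:          # catches nesting that never repeats a name
            raise EmbedBudgetExceeded("depth")
        loaded += 1
        if loaded > max_pages:         # catches wide fan-out
            raise EmbedBudgetExceeded("pages")
        for child in fetch(page):
            expand(child, depth + 1, ancestors | {page})

    expand(name, 0, frozenset())
    return loaded

def outcome(name, fetch):
    """Contained failure: report why rendering stopped instead of crashing."""
    try:
        return f"rendered {render(name, fetch)}"
    except EmbedBudgetExceeded as why:
        return f"blocked: {why}"

# Constructed inputs (hypothetical page names).
STATIC = {"index": ["a", "b"], "a": ["b"], "b": []}
SELF_REF = {"loop": ["loop"]}

def generated(page):
    # Each page embeds a page with a new name, so a cycle check never fires.
    return [page + "+"]

if __name__ == "__main__":
    print(outcome("index", STATIC.__getitem__))
    print(outcome("loop", SELF_REF.__getitem__))
    print(outcome("start", generated))
```

The cycle check only recognises the self-referential case; the `generated` input never repeats a name, so only the run-time depth budget stops it.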