From owner-freebsd-security Mon May 17 10:38:52 1999
Delivered-To: freebsd-security@freebsd.org
Received: from sol.cc.u-szeged.hu (sol.cc.u-szeged.hu [160.114.8.24])
	by hub.freebsd.org (Postfix) with ESMTP id 6A90114D92
	for ; Mon, 17 May 1999 10:38:44 -0700 (PDT)
	(envelope-from sziszi@petra.hos.u-szeged.hu)
Received: from petra.hos.u-szeged.hu by sol.cc.u-szeged.hu (8.8.8+Sun/SMI-SVR4)
	id TAA00614; Mon, 17 May 1999 19:38:29 +0200 (MET DST)
Received: from sziszi by petra.hos.u-szeged.hu with local-smtp (Exim 2.05 #1 (Debian))
	id 10jRVq-0000o8-00; Mon, 17 May 1999 19:49:14 +0200
Date: Mon, 17 May 1999 19:49:14 +0200 (CEST)
From: Adam Szilveszter
Reply-To: Adam Szilveszter
To: Roger Marquis
Cc: security@FreeBSD.ORG
Subject: Re: HTML DOS? (http://microsoft.com/NTServer/all/Downloads.asp)
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi!

My experience upon looking at the page in question:

- With my FreeBSD box, running Netscape 4.6 (freebsd), it took about half a
  minute to display the page; the communicator process actually used almost
  all available RAM and a lot of CPU time. However, after exiting
  Communicator, I got back the RAM (it says now: 26M Free); the amount that
  has already been swapped out remains in place.

- After this I checked the same page from the same subnet with a W95 machine
  running Netscape 4.51 and M$ Internet Explorer 5. (That machine has only
  32M RAM, though, whereas mine has 64M.)

The results with Netscape: It took the browser an incredible almost two
minutes to display the page. (!) It first displayed the toolbar only, and the
two minutes are from when it appeared till the whole page was visible. There
was a lot of HDD activity going on at some times. I could see the words:
Version-4.51[en]-xxxx on the title bar (xxxx stands for some numbers. I did
not remember.) during the rendering process.

With IE, the page came up swiftly (10-15sec) but this actually is a different
page IMHO in what techniques it uses. E.g. I'd bet on it, that it uses no
normal JavaScript but M$ implementation JScript for IE.

I even tried with StarOffice and the page displayed very quickly. It received
the Netscape version. (No 3D buttons)

From this I draw the conclusion that:

1) This problem is not UNIX specific, rather Netscape related.

2) FreeBSD actually did quite well, as you could see (30 sec rendering time
   as opposed to 2 min on W95).

3) I tried others of their pages and the error did not recur. So I dare say
   there is some buggy code on that page and while it is trying to execute,
   the browser is stuck. (Even the animation stops in the corner.) It has
   something to do with browser-type parsing because it was probably
   processing the data I saw on top (which was the Netscape version and
   language followed by some interesting numbers). It is possible that this
   has again something to do with their client-tracking system.

4) It was clear from the very beginning that they design their pages in a
   way to look much better on IE (so that they can say, well, see the
   difference for yourself) but I cannot understand what they use JavaScript
   for. On the IE version it adds the functionality that the buttons become
   3D and Blue when you move your mouse over them. I am not an expert on
   JavaScript but if they try to implement something similar here then it
   simply doesn't work (and for that matter, never has, on any of their
   pages).

5) I do not think it is a DOS. I think that it is both M$'s and Netscape's
   fault. At M$ they simply ignore the standards when it comes to
   good-looking but product-conscious (Win only) pages and use asp, which is
   their own standard for including code into the page that executes while
   loading. That's why it's pretty sure that if you see asp pages somewhere
   then the server is almost certainly NT... As for Netscape, memory handling
   problems always occurred, didn't they?

Besides, I could see that Netscape was stuck in RUN status so it was trying
very hard to run something. This status is _very_ CPU consuming but memory is
not always affected. I saw something similar for RealPlayer: when it loses
the connection to the streaming server, it gets stuck in this mode until
stopped or until it regains the connection. It brings up CPU usage to 100%
but it doesn't touch the RAM. On WinNT, it actually took over all of the
available RAM and swap when left at that and in the end it froze. On Win95 it
even crashed the machine occasionally. So buggy software has always
existed...

BTW The worst I can think of on M$'s part is that they wanted to make the
page a bit slower to load to show off that IE is much better...

P.S.: I checked, Communicator 4.6 is still a.out.

Regards:
Szilveszter
Szeged University
Hungary