Sign-in / Sign-up
Your question

Should legal app crashing XP be considered a security issue?

Tags:
  • Security
  • Microsoft
  • Windows XP
Last response: in Windows XP
Anonymous
a b 8 Security
March 10, 2005 8:32:49 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I'm currently working
to troubleshoot an apparently
valid application that merely
creates a very large number of files
which causes xp pro to "hang"
in less than an hour. (It is not running
out of diskspace).

Should this be considered a
security type issue? I am asking
this question to gain perspective
on how to go about solving the issue.

Thanks,
Roy Terry

The orginal posting is
here.
http://groups-beta.google.com/group/comp.lang.tcl/brows...

And I have also posted a general inquiry today in
microsoft.public.windowsxp.perform_maintain

More about : legal app crashing considered security issue

March 10, 2005 8:32:50 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

i would say it would only be a security issue if such a program could be
placed on and run from your machine from outside. my guess... a resource
leak in the windows implimentation of tcl. monitor the process for some
resource type that isn't being reclaimed. probably more of a programming or
performance issue that security.

"Roy Terry" <royterry@earthlink.net> wrote in message
news:5x%Xd.5138$oO4.126@newsread3.news.pas.earthlink.net...
> I'm currently working
> to troubleshoot an apparently
> valid application that merely
> creates a very large number of files
> which causes xp pro to "hang"
> in less than an hour. (It is not running
> out of diskspace).
>
> Should this be considered a
> security type issue? I am asking
> this question to gain perspective
> on how to go about solving the issue.
>
> Thanks,
> Roy Terry
>
> The orginal posting is
> here.
>
http://groups-beta.google.com/group/comp.lang.tcl/brows...
>
> And I have also posted a general inquiry today in
> microsoft.public.windowsxp.perform_maintain
>
>
March 10, 2005 8:32:50 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Roy Terry wrote:

> I'm currently working
> to troubleshoot an apparently
> valid application that merely
> creates a very large number of files
> which causes xp pro to "hang"
> in less than an hour. (It is not running
> out of diskspace).
>
> Should this be considered a
> security type issue? I am asking
> this question to gain perspective
> on how to go about solving the issue.
>

Hi, Roy. I wouldn't say offhand that this is a security issue. If this
program is the only one that gives you a problem, it is probably
something with that particular application. What is its name? Can you
contact the app's tech support or look on the mftr.'s website to see if
this is a known issue? Did the program ever work correctly? If so, what
changed?

Malke
--
MS MVP - Windows Shell/User
www.elephantboycomputers.com
In Memoriam - MVP Alex Nichol
Related resources
March 10, 2005 8:32:51 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Malke" <noreply@invalid.com> wrote in message
news:%239nEulZJFHA.1924@TK2MSFTNGP10.phx.gbl...
> Roy Terry wrote:
>
> > I'm currently working
> > to troubleshoot an apparently
> > valid application that merely
> > creates a very large number of files
> > which causes xp pro to "hang"
> > in less than an hour. (It is not running
> > out of diskspace).
> >
> > Should this be considered a
> > security type issue? I am asking
> > this question to gain perspective
> > on how to go about solving the issue.
> >
>
> Hi, Roy. I wouldn't say offhand that this is a security issue. If this
> program is the only one that gives you a problem, it is probably
> something with that particular application. What is its name? Can you
> contact the app's tech support or look on the mftr.'s website to see if
> this is a known issue? Did the program ever work correctly? If so, what
> changed?
>
> Malke
> --
> MS MVP - Windows Shell/User
> www.elephantboycomputers.com
> In Memoriam - MVP Alex Nichol
>

take a look at the link in the original post, its a tcl file system stress
test... creates 3600 files in a folder in an hour then creates a new folder
and starts over... probably some resource leak in tcl or how the test is
doing it.
Anonymous
a b 8 Security
March 10, 2005 9:11:52 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Dave" <noone@nowhere.com> wrote in message
news:e4MAWhZJFHA.484@TK2MSFTNGP15.phx.gbl...
> i would say it would only be a security issue if such a program could be
> placed on and run from your machine from outside. my guess... a resource
> leak in the windows implimentation of tcl. monitor the process for some
> resource type that isn't being reclaimed. probably more of a programming
or
> performance issue that security.
Any suggestions as to tools or particular resources? I'm mainly using
procexp.exe from sysinternals.com. I'm looking at memory and at
handles - not sure what else I might need to be examining.

Thanks for your response.

Roy
>
> "Roy Terry" <royterry@earthlink.net> wrote in message
> news:5x%Xd.5138$oO4.126@newsread3.news.pas.earthlink.net...
> > I'm currently working
> > to troubleshoot an apparently
> > valid application that merely
> > creates a very large number of files
> > which causes xp pro to "hang"
> > in less than an hour. (It is not running
> > out of diskspace).
> >
> > Should this be considered a
> > security type issue? I am asking
> > this question to gain perspective
> > on how to go about solving the issue.
> >
> > Thanks,
> > Roy Terry
> >
> > The orginal posting is
> > here.
> >
>
http://groups-beta.google.com/group/comp.lang.tcl/brows...
> >
> > And I have also posted a general inquiry today in
> > microsoft.public.windowsxp.perform_maintain
> >
> >
>
>
Anonymous
a b 8 Security
March 10, 2005 9:14:15 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Malke" <noreply@invalid.com> wrote in message
news:%239nEulZJFHA.1924@TK2MSFTNGP10.phx.gbl...
> Roy Terry wrote:
>
> > I'm currently working
> > to troubleshoot an apparently
> > valid application that merely
> > creates a very large number of files
> > which causes xp pro to "hang"
> > in less than an hour. (It is not running
> > out of diskspace).
> >
> > Should this be considered a
> > security type issue? I am asking
> > this question to gain perspective
> > on how to go about solving the issue.
> >
>
> Hi, Roy. I wouldn't say offhand that this is a security issue. If this
> program is the only one that gives you a problem, it is probably
> something with that particular application. What is its name? Can you
> contact the app's tech support or look on the mftr.'s website to see if
> this is a known issue? Did the program ever work correctly? If so, what
> changed?
Well I am the developer of the app as written in Tcl. I have also posted
the program to the comp.lang.tcl NG so I'm hoping for good clues
from those readers. It's definitely not a (commonly) known issue.

Cheers and thanks,
Roy
>
> Malke
> --
> MS MVP - Windows Shell/User
> www.elephantboycomputers.com
> In Memoriam - MVP Alex Nichol
>
March 10, 2005 9:14:16 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Roy Terry wrote:

> "Malke" <noreply@invalid.com> wrote in message
> news:%239nEulZJFHA.1924@TK2MSFTNGP10.phx.gbl...
>> Roy Terry wrote:
>>
>> > I'm currently working
>> > to troubleshoot an apparently
>> > valid application that merely
>> > creates a very large number of files
>> > which causes xp pro to "hang"
>> > in less than an hour. (It is not running
>> > out of diskspace).
>> >
>> > Should this be considered a
>> > security type issue? I am asking
>> > this question to gain perspective
>> > on how to go about solving the issue.
>> >
>>
>> Hi, Roy. I wouldn't say offhand that this is a security issue. If
>> this program is the only one that gives you a problem, it is probably
>> something with that particular application. What is its name? Can you
>> contact the app's tech support or look on the mftr.'s website to see
>> if this is a known issue? Did the program ever work correctly? If so,
>> what changed?
> Well I am the developer of the app as written in Tcl. I have also
> posted the program to the comp.lang.tcl NG so I'm hoping for good
> clues
> from those readers. It's definitely not a (commonly) known issue.

Thanks for clarifying. As you say, this isn't a common issue and you'll
get more help developer-to-developer since you all speak the same
language ;-).

Good luck,

Malke
--
MS MVP - Windows Shell/User
www.elephantboycomputers.com
In Memoriam - MVP Alex Nichol
The world is diminished without him.
Anonymous
a b 8 Security
March 10, 2005 9:22:17 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Dave" <noone@nowhere.com> wrote in message
news:o dteAyZJFHA.2772@TK2MSFTNGP14.phx.gbl...
>
> "Malke" <noreply@invalid.com> wrote in message
> news:%239nEulZJFHA.1924@TK2MSFTNGP10.phx.gbl...
> > Roy Terry wrote:
> >
> > > I'm currently working
> > > to troubleshoot an apparently
> > > valid application that merely
> > > creates a very large number of files
> > > which causes xp pro to "hang"
> > > in less than an hour. (It is not running
> > > out of diskspace).
> > >
> > > Should this be considered a
> > > security type issue? I am asking
> > > this question to gain perspective
> > > on how to go about solving the issue.
> > >
> >
> > Hi, Roy. I wouldn't say offhand that this is a security issue. If this
> > program is the only one that gives you a problem, it is probably
> > something with that particular application. What is its name? Can you
> > contact the app's tech support or look on the mftr.'s website to see if
> > this is a known issue? Did the program ever work correctly? If so, what
> > changed?
> >
> > Malke
> > --
> > MS MVP - Windows Shell/User
> > www.elephantboycomputers.com
> > In Memoriam - MVP Alex Nichol
> >
>
> take a look at the link in the original post, its a tcl file system stress
> test... creates 3600 files in a folder in an hour then creates a new
folder
> and starts over... probably some resource leak in tcl or how the test is
> doing it.
That's fairly close - thanks for checking up. Actually the app
creates about 300 files *per second* with each file in a separate folder.
Then the
next second it adds another file to each of the 300 directories. When the
clock hour changes it creates a new set of sibling folders and continues
at the same rate. Unfortunately in most tests I've run on XP pro it never
gets
to the second hour :) 

I agree this looks like a resource leak of some
sort, Im just a bit uninformed about how to best nab the culprit. Is there a
"truss" like
tool for Windows XP? I am suspicious that Tcl is using the Windows i/o
calls in some
subtly "non-grooved" (non common) way that is exposing a bug in XP (or call
it a bug
in Tcl if you like - I just need to solve it :^) . Sensible?

Thanks,
Roy
>
>
March 12, 2005 10:10:42 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

In news:5x%Xd.5138$oO4.126@newsread3.news.pas.earthlink.net,
Roy Terry <royterry@earthlink.net> had this to say:

My reply is at the bottom of your sent message:

> Should this be considered a
> security type issue? I am asking
> this question to gain perspective
> on how to go about solving the issue.

This is POTENTIALLY heading into the realm of buffer overflow exploits my
good sir. A security problem? Does it run over a network or while a network
is in place? If it does then it it also slows the system down to the point
at which the buffer is full then it's open for exploitation. Likely? No.
Possible? Yes. Everything's a security vulnerability if you look at it
'right.' This seems to be potentially dangerous as it might be using system
resources that are better left to the OS as opposed to the application. Do
you have it set to run with an elevated priority like real time or high? If
so simply set it to normal. If not then at least recommend the user
disconnect from the 'net first.

Galen

--
Signature changed for a moment of silence.
Rest well Alex and we'll see you on the other side.
Anonymous
a b 8 Security
March 13, 2005 8:46:37 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Galen" <galennews@gmail.com> wrote in message
news:uPh4FyvJFHA.2136@TK2MSFTNGP14.phx.gbl...
> In news:5x%Xd.5138$oO4.126@newsread3.news.pas.earthlink.net,
> Roy Terry <royterry@earthlink.net> had this to say:
>
> My reply is at the bottom of your sent message:
>
> > Should this be considered a
> > security type issue? I am asking
> > this question to gain perspective
> > on how to go about solving the issue.
>
> This is POTENTIALLY heading into the realm of buffer overflow exploits my
> good sir. A security problem? Does it run over a network or while a
network
> is in place? If it does then it it also slows the system down to the point
> at which the buffer is full then it's open for exploitation. Likely? No.
> Possible? Yes. Everything's a security vulnerability if you look at it
> 'right.' This seems to be potentially dangerous as it might be using
system
> resources that are better left to the OS as opposed to the application. Do
> you have it set to run with an elevated priority like real time or high?
If
> so simply set it to normal. If not then at least recommend the user
> disconnect from the 'net first.
The program does not run at elevated priority, though typically
I am logged in as administrator when I run it. Should that
make a difference?
Re network, yes it runs in a small and private network of
cooperating machines but files get created locally
I'm wondering if people think saving, say 100 files per second
of average 50K size is too much to ask for XP pro to
do over a disk usage of say 500 GB. Will the MFT
handle it? (There is a max of 3600 files in any one directory)

Thanks,
Roy

>
> Galen
>
> --
> Signature changed for a moment of silence.
> Rest well Alex and we'll see you on the other side.
>
>