Thanks to LA CocoaHeads on my pasteboard bug

  • Thanks to last Thursday's LA CocoaHeads meeting, we found a bug in my
    software that I had been looking for for a couple of days.

        I have been laboring under the illusion that individual applications
    should not be able to crash the system.  Wow, was I wrong.  I found that
    with anything that uses the pasteboards (in this case the drag pasteboard),
    it is possible to bring down the system big time.  I was messing it up so
    bad that I was unable to quit or force quit ANY application or restart from
    the menu.  The only way out was to force a reboot from the power button on
    my new MacBook Pro.

        I fear that someone might be able to exploit this to install a rogue
    background application that would make the machine unusable.  I would hope
    that there might be some way to protect against this.

    --
    Gordon Apple
    Ed4U
    Little Rock, AR
    <ga...>
  • On Sep 16, 2007, at 11:50 AM, Gordon Apple wrote:
    ...
    > I found that
    > with anything that uses the pasteboards (in this case the drag
    > pasteboard),
    > it is possible to bring down the system big time.  I was messing it
    > up so
    > bad that I was unable to quit or force quit ANY application or
    > restart from
    > the menu.  The only way out was to force a reboot from the power
    > button on
    > my new MacBook Pro.
    >
    > I fear that someone might be able to exploit this to install a
    > rogue
    > background application that would make the machine unusable.  I
    > would hope
    > that there might be some way to protect against this.

    This is serious. What was the bug number you got when you reported it
    at bugreport.apple.com?

    — F
  • On Sep 16, 2007, at 11:30 AM, Fritz Anderson wrote:

    >
    > On Sep 16, 2007, at 11:50 AM, Gordon Apple wrote:
    > ...
    >> I found that
    >> with anything that uses the pasteboards (in this case the drag
    >> pasteboard),
    >> it is possible to bring down the system big time.  I was messing
    >> it up so
    >> bad that I was unable to quit or force quit ANY application or
    >> restart from
    >> the menu.  The only way out was to force a reboot from the power
    >> button on
    >> my new MacBook Pro.
    >>
    >> I fear that someone might be able to exploit this to install a
    >> rogue
    >> background application that would make the machine unusable.  I
    >> would hope
    >> that there might be some way to protect against this.
    >
    > This is serious. What was the bug number you got when you reported
    > it at bugreport.apple.com?

    It wasn't really a pasteboard problem.  The bug involved unarchiving
    from an uninitialized NSData variable, so the unarchiver was reading
    in garbage.  I can think of other ways to bring a machine to its
    knees (spawning lots of threads and processes is just one example).

    As for turning this into an exploit, you're only in danger if you
    install rogue software on your computer, which you don't want to do
    in general.

    Best,

    __jayson

    Circus Ponies NoteBook - Organization for a Creative Mind
    www.circusponies.com
previous month september 2007 next month
MTWTFSS
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
Go to today