Re: [Full-Disclosure] Windows 2000 Source Leak Verified. Get ready for the havoc.

From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: 02/16/04

    To: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com
    Date: Mon, 16 Feb 2004 13:18:28 +1300
    
    

    Valdis.Kletnieks@vt.edu wrote:

    > On Sat, 14 Feb 2004 16:42:39 GMT, Lee <cheekypeople@sec33.com> said:
    > > again it's 1/100 of standard MS code for an OS, lets get a grip please... and
    > > I think I see the company who let the source get loose come out and say
    >
    > Most earlier estimates of the Win2K source were about 45M lines of code (I think
    > the "40 gig" being tossed around is the size of the source-control-system database).
    > And I've seen the number 12.5M lines of code escaped. That's closer to 1/3 than
    > to 1/100.

    Indeed -- there are some public domain references (from folk who should
    know) about the size of the source control system, but of course that
    is way more than just the final source. Using the 45M lines of code
    estimate (was it really?? perhaps for server with IIS, etc?), some
    simple maths tells us something about the expected size of the source.

    Assume an average of 60 characters per line (reasonable??), assume a
    simple .ZIP compression ratio of 70% (seems a tad low for .C source
    based on some large .ZIPs I just checked on this machine -- most ran
    72-75%):

      45M * 60 * 0.30 = 810MB

    Vary to suit your tastes regarding likely average line length and .ZIP
    compression ratio...

    Also, consider that the directory listings I've seen posted for the
    "leaked" .ZIPs show that there is quite a bit of cruft included (.EML
    files and other non-source stuff like core dumps) and make further
    adjustments. So, it seems that the "leaked" source is considerably
    more than 1/100th the original. I think Valdis' 1/3 estimate may be a
    tad low as I think I saw the 12.5M lines estimate for the NT code base.
    Ahh, yes -- Russ Cooper posted the following to NTBugtraq:

       1. NT source is NT 4.0 SP3, contains 27000+ files (658MB). It is all
       NT 4.0 Server except IIS, includes IE 4. No references to Mainsoft
       (see http://www.eweek.com/article2/0,4149,1526830,00.asp.)

       2. W2K is SP1, a very small subset, IE 5, SNMP, PKI, networking and
       some SDK stuff. 28000+ files (338MB - although many of these are
       empty mail messages and other crap.) Does contain 3 references to
       MainSoft. Much of what is there is available elsewhere.

    and in another message Russ wrote:

       Couple of corrections.

       1. There were 27,142 NT 4.0 SP3 files totaling 338MB.
       2. There were 28,782 W2K SP1 files totaling 658MB.
       3. It does appear that all of both versions are present, minus IIS.
       4. 10,425 of the 27k NT files are actually source totaling 193MB
          uncompressed.
       5. 8,367 of the 28k W2K files are actually source totaling 217MB
          uncompressed.

    Archived copies of the full messages from which these comments were
    extracted are at (sorry, URLs will wrap):

    http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0402&L=ntbugtraq
    &F=P&S=&P=2868

    http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0402&L=ntbugtraq
    &F=P&S=&P=2954

    A followup comment by Dragos Ruiu may be of interest too:

    http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0402&L=ntbugtraq
    &F=P&S=&P=3155

    Regards,

    Nick FitzGerald

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

