It took 2 months to find all bugs? They say they have hundreds of folks to test patches, how many people do look for bugs?
I have no problem with MS taking a little while to make sure a good quality patch is released, but to take as long as they did only to rush it in the end is insane. Not to mention all the problems it is causing.
http://neowin.net/index.php?act=view&id=39249
Look.. the day I see Operating Systems: Design & Implementation books used in a respectable university come with a chapter dedicated to icon rendering (???), we'll talk about being an accurate judge. :-D
"Look.. the day I see Operating Systems: Design & Implementation books used in a respectable university come with a chapter dedicated to icon rendering (???)"
The day a university develops, releases, and maintains something as large and complex as Windows (or anything similar to the public domain), I'll let academia be the judge as to why MS chose to do things the way they did.
Like most other things in Windows that kind of make you go "WTF" it's gotta be related to backwards compatibility.
"The day a university develops, releases, and maintains something as large and complex as Windows (or anything similar to the public domain), I'll let academia be the judge as to why MS chose to do things the way they did. "
Hmmm, come to think of it, there was that little thing called.... uh, what was it again..... the _______ Software Distribution..... oh wait!
http://en.wikipedia.org/wiki/BSD
:)
We're rendering the cursor here, not icons. This cursor is always displayed and in some cases the graphics card is involved in drawing the cursor. It stands to reason that drawing the cursor should be one of the core functions of the graphics server. In Windows, the graphics server partly runs in kernel mode (in win32k.sys), so in that sense it's in the core of the OS.
This does not mean that it's anywhere near the scheduler, or IO manager, or anything else that you'd consider fundamental to the OS. The icon handling code and cursor management is in the core of the windowing system, and most applications on Windows are graphical, so in a sense this is in the core of what applications use the most. And errors here are most noticeable to the user.
Where else would you propose to draw things like the cursor or to draw an icon but in the core of the GUI?
I would propose to draw cursors and icons in userspace, preferably in a process running without login privileges.
From the explanation here, I can only speculate that the actual rendering is done by a library routine in user32.dll, but it relies on the kernel to get the position of the cursor on the viewport and to copy the rendered bitmap into a kernel buffer. Specify a malicious animated icon, and the kernel might do bad things.
Again, this is just speculation, but this seems like a simple issue of not properly validating data from userspace, exacerbated by some core graphics code running in the kernel.
As for the 80 issues they claim to have found while developing the fix, I further speculate that many of these are silly complaints (including false positives) from their automated static analysis tool, PREfix.
Well, yes, but animation itself and its vulnerabilities scattered around two core files? I don't think that's okay.
Another thing is that they were testing changes in animated cursor for two months, those two months when the vulnerability was widely known to anybody interested. That worries me much more.
I agree. This seems so stupid. To make graphics faster, Windows moved tons of graphics code into a kernel-mode driver called win32k.sys; as the name says, win32 in kernel :)
This is the stupid stuff that people in Microsoft keep doing. Instead of solving real design or performance issues, people put hacks around them.
Look for SuperFetch in Vista: because they can't make Vista faster, they designed a patched solution called SuperFetch. Lame, I must say...
Man, this fix is a PITA! Ever since the installation, both my DVD drives need to be disconnected for my system to boot properly. Talk about screwing up!
Don't get me wrong, I'm happy(er) with MS's bug fix release cycle, it's certainly miles better than just a few years ago, but this is a major pain in the butt.
Guess I should have taken my own advice and waited for SP1 ;-)
This patch to the way cursors are animated, in the works for 3 months, which affects the very core of the operating system, has broken your ability to boot with DVD drives attached?
I'll certainly remember that one next time someone tries to convince me about how modular Windows is!
Edited 2007-04-05 18:07



