Ming-Hwa Li
2005-09-21 18:04:47 UTC
Š³€@²{¶HŠV€j®aœÐ±Ð:
št²ÎÀô¹Ò: Windows XP prof(^»y) + SP2, IIS 5.1.
Our application needs to reload an asp page which creates DCOM
objects periodically. When the page hit rate is high enough (e.g.,
once per second), RPC server(hosted by svchost) will have security
token handle(±±šîœX) leak (one of the SVCHost.exe has handles
growing).
Technically it may not be a leak because after stopping the page
access for a long time, the handles are slowly released, but it would
take a long time, before that the handles can grow to over 70K and
web access starts to fail. The system may also become unstable when
handle number is very high.
¥H€U¬° asp ¥Ü·NœdšÒ:
<%@ Language=JavaScript %>
<%
var myServer = new ActiveXObject("MyServer.MyObject");
// not even calling any method, STA, FreeThreaded, all the same.
myServer = null;
%>
<HTML>
<HEAD>
<meta http-equiv="refresh" content="1">
</HEAD>
<BODY>
ŽúžÕ
</BODY>
</HTML>
MyServer.MyObject is a DCOM object that is configured to allow
IUSR_<¥DŸ÷ŠW> to launch and execute it.
The handles will be released immediately if web server is stopped.
So far the only workaround I found is in the IIS web site/¹w³]¯ž¥x
(or web application/À³¥Îµ{Š¡, if applicable) Home Directory property
page(¥D¥Ø¿ý¶), sets the Application Protection (À³¥Îµ{Š¡«OÅ@)
mode to low(§C/IIS³B²z).
œÐ°ÝŠ³šSŠ³€HªŸ¹D³o¬O«ç»ò€@Š^šÆ?¬O§_Š³žÑ?
w3svc.dll ª©¥»: 5.1.2600.2180
asp.dll ª©¥»: 5.1.2600.2180
rpcss.dll ª©¥»: 5.1.2600.2665
ÁÂÁÂ,
minghwa
št²ÎÀô¹Ò: Windows XP prof(^»y) + SP2, IIS 5.1.
Our application needs to reload an asp page which creates DCOM
objects periodically. When the page hit rate is high enough (e.g.,
once per second), RPC server(hosted by svchost) will have security
token handle(±±šîœX) leak (one of the SVCHost.exe has handles
growing).
Technically it may not be a leak because after stopping the page
access for a long time, the handles are slowly released, but it would
take a long time, before that the handles can grow to over 70K and
web access starts to fail. The system may also become unstable when
handle number is very high.
¥H€U¬° asp ¥Ü·NœdšÒ:
<%@ Language=JavaScript %>
<%
var myServer = new ActiveXObject("MyServer.MyObject");
// not even calling any method, STA, FreeThreaded, all the same.
myServer = null;
%>
<HTML>
<HEAD>
<meta http-equiv="refresh" content="1">
</HEAD>
<BODY>
ŽúžÕ
</BODY>
</HTML>
MyServer.MyObject is a DCOM object that is configured to allow
IUSR_<¥DŸ÷ŠW> to launch and execute it.
The handles will be released immediately if web server is stopped.
So far the only workaround I found is in the IIS web site/¹w³]¯ž¥x
(or web application/À³¥Îµ{Š¡, if applicable) Home Directory property
page(¥D¥Ø¿ý¶), sets the Application Protection (À³¥Îµ{Š¡«OÅ@)
mode to low(§C/IIS³B²z).
œÐ°ÝŠ³šSŠ³€HªŸ¹D³o¬O«ç»ò€@Š^šÆ?¬O§_Š³žÑ?
w3svc.dll ª©¥»: 5.1.2600.2180
asp.dll ª©¥»: 5.1.2600.2180
rpcss.dll ª©¥»: 5.1.2600.2665
ÁÂÁÂ,
minghwa