Date: Tue, 30 Jan 2007 11:25:16 GMT From: "Dr. Markus Waldeck"<waldeck@gmx.de> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/108547: top allows local denial of service attack Message-ID: <200701301125.l0UBPGQZ044694@www.freebsd.org> Resent-Message-ID: <200701301130.l0UBUFi4058291@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 108547 >Category: bin >Synopsis: top allows local denial of service attack >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Jan 30 11:30:14 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Dr. Markus Waldeck >Release: 7.0-CURRENT-200701 >Organization: >Environment: >Description: An unprivileged user could waste all CPU time by setting a low delay value in top (interactive or via -s). Is there any possibility to deactivate this functionality without recompilation? There are other top implementations that use a "secure mode" configuration which avoids the setting of the delay value for unprivileged users. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701301125.l0UBPGQZ044694>