Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 30 Jan 2007 10:56:46 -0500
From:      Mike Meyer <mwm-keyword-freebsdhackers2.e313df@mired.org>
To:        waldeck@gmx.de
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: top delay value 
Message-ID:  <17855.27326.236882.38629@bhuda.mired.org>
In-Reply-To: <20070130140227.26613101832@hk2.uwaterloo.ca>
References:  <20070130140227.26613101832@hk2.uwaterloo.ca>
next in thread | previous in thread | raw e-mail | index | archive | help 
In <20070130140227.26613101832@hk2.uwaterloo.ca>, waldeck@gmx.de typed:
> An unprivileged user could waste all CPU time by setting a low delay value in top (interactive or via -s).

No, they can't. Should they use the interactive facility to set the
delay to 0 (you can't do that via the -s switch), then top will
compete evenly with normal users processes until it accumulates enough
CPU that the scheduler changes it's nice value. It then no longer
competes with normal user processes for CPU. At that point, the CPU
cyles it's "wasting" are mostly cycles that would have been "wasted"
in an idle loop anyway. Generally (but not always), there's no real
reason to care about such.

> Is there any possibility to deactivate this functionality without recompilation?

chmod 0 /usr/bin/top

> There are other top implementations that use a "secure mode" configuration
> which avoids the setting of the delay value for unprivileged users.

There are *lots* of commands on the system that can be coerced into
spinning on the CPU doing nothing, starting with /bin/sh. The correct
place to deal with this issue is in the kernel scheduler, so you can
do it once and for all.

That said, there may be a use case where you want a top display to be
available without the interactive commands being available, ala the
"secure mode" you mention. That can be provided with a little work,
depending on the exact goals.

	<mike
-- 
Mike Meyer <mwm@mired.org>		http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17855.27326.236882.38629>