From: Oliver Fromme
To: freebsd-hackers@FreeBSD.ORG, waldeck@gmx.de
Date: Wed, 31 Jan 2007 15:42:26 +0100 (CET)
Subject: Re: top delay value
Message-Id: <200701311442.l0VEgQbA093491@lurza.secnetix.de>
In-Reply-To: <20070130162350.126210@gmx.net>

Dr. Markus Waldeck wrote:
> Oliver Fromme wrote:
> > Well, an unprivileged user can achieve the same effect by
> > typing "while :; do :; done".  There are a thousand ways
> > to waste CPU time, and there is no way to prevent a user
> > from doing it.
>
> It is not the same effect.
>
> You describe fork bombing.

No.  What I write above is not a "fork bomb", it's a single
process which is wasting CPU in a busy loop.  It's exactly
equivalent to top(1) with zero delay, except that top
produces some output, while a busy loop does nothing useful
at all.

> I could limit the number of processes via
> :maxproc=100: \
> in /etc/login.conf

Which doesn't help against a busy loop.

> > If you want to make top more secure, type "chmod 700 /usr/bin/top".
>
> :-)

Actually I was serious.  Normal users don't really need to
run top (which is only contributed third-party software
anyway).  It doesn't provide any information that you can't
get with other regular tools, such as ps(1), which is a native
FreeBSD tool.

By the way, you can "emulate" top(1) by running ps(1) in a
shell loop like this (sh/zsh/ksh/bash syntax):

    while :; do clear; ps -a; sleep 1; done

To get zero delay, simply remove the sleep command from
the loop ...  That's actually _worse_ than top(1) with zero
delay, because kernel cycles are wasted for the fork() and
exec() calls, not to mention I/O and other syscalls.
An empty shell loop ("while :; do :; done") doesn't perform
any syscalls into the kernel.

Bottom line:  Disabling zero-delay in top doesn't buy you
anything at all.  In fact, it might cause your users to
invent work-arounds (for example shell loops) that waste
even more resources.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, VAT ID: DE204219783
Any opinions expressed in this message are personal to the author and may
not necessarily reflect the opinions of secnetix GmbH & Co KG in any way.
FreeBSD services, products and more:  http://www.secnetix.de/bsd

"... there are two ways of constructing a software design:  One way
is to make it so simple that there are _obviously_ no deficiencies and
the other way is to make it so complicated that there are no _obvious_
deficiencies."
        -- C.A.R. Hoare, ACM Turing Award Lecture, 1980
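
The kernel-time comparison made in the message above can be measured with getrusage(2). The following is an added example, not part of the original post: both loops are bounded, the function names are hypothetical, and `/bin/sh -c :` is assumed as a stand-in for ps(1).

```c
/* Added example (not from the original post): measures kernel-mode CPU
 * time for the two loop shapes the message compares. */
#include <stdio.h>
#include <sys/resource.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>

/* Kernel-mode CPU seconds charged to this process and its reaped children. */
static double sys_seconds(void) {
    struct rusage self, kids;
    getrusage(RUSAGE_SELF, &self);
    getrusage(RUSAGE_CHILDREN, &kids);
    return self.ru_stime.tv_sec + kids.ru_stime.tv_sec +
           (self.ru_stime.tv_usec + kids.ru_stime.tv_usec) / 1e6;
}

/* Bounded form of "while :; do :; done": spins in user space, no syscalls. */
double busy_loop_sys(unsigned long spins) {
    double before = sys_seconds();
    for (volatile unsigned long i = 0; i < spins; i++)
        ;
    return sys_seconds() - before;
}

/* Bounded form of "while :; do ps -a; done": one fork()+exec()+wait() per
 * iteration. Assumption: "/bin/sh -c :" stands in for ps(1) so the example
 * does not depend on ps being installed. Returns -1.0 if fork() fails. */
double fork_exec_loop_sys(int iterations) {
    double before = sys_seconds();
    for (int i = 0; i < iterations; i++) {
        pid_t pid = fork();
        if (pid < 0)
            return -1.0;
        if (pid == 0) {
            execl("/bin/sh", "sh", "-c", ":", (char *)NULL);
            _exit(127);  /* exec failed; the fork() cost is still counted */
        }
        waitpid(pid, NULL, 0);
    }
    return sys_seconds() - before;
}

int main(void) {
    double busy = busy_loop_sys(100000000UL);
    double forked = fork_exec_loop_sys(500);
    printf("busy loop:      %.3f s system time\n", busy);
    printf("fork+exec loop: %.3f s system time\n", forked);
    return 0;
}
```

The process-count limit (maxproc) leaves the first loop untouched, since it never creates a second process; the second loop stays at one child at a time and is equally unaffected.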