Date: Thu, 08 Sep 2005 00:02:27 +0100 From: Craig Edwards <brain@winbot.co.uk> To: Brooks Davis <brooks@one-eyed-alien.net> Cc: freebsd-security@freebsd.org, talonz <talonz@gmail.com> Subject: Re: ee using 99% cpu after user ssh session terminates abnormaly Message-ID: <431F7183.7080405@winbot.co.uk> In-Reply-To: <20050907223748.GB563@odin.ac.hmc.edu> References: <431F6941.20006@gmail.com> <20050907223748.GB563@odin.ac.hmc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
I can duplicate this with nano on freebsd 5.4 and 5.2.1 It seems that the process ignores the HUP signal maybe or ignores the EOF condition on stdin, and the select loop, or whatever it uses, just loops infinitely with nothing to read, constantly returning an error condition. At least this is what i suspect happens. Lazy programming somewhere... Thanks Craig Edwards Brooks Davis wrote: > On Thu, Sep 08, 2005 at 08:27:13AM +1000, talonz wrote: > >>Recently i have been using a dialup 56k account to access the net >>and have noticed that when my ssh session times out and I am editing >>a file in ` ee ' the system goes to 99% cpu usage and stays like >>this till the pid is killed. >>This is a standard user account (not root/su) >> >>Would a user be able to create a denial of service condition >>on the remote system using this bug? > > > No more then they could with the ablity to run any other program that > loops. > > >>(sorry if this is posted to the incorrect list) >> >>Details: >> >>System - FreeBSD 5.4-RELEASE-p5 >> >>ee using 99% cpu after user session terminates abnormaly >>PID reported by top. >> >>The output from ps looks like this >> >>[root@blah][~]$ ps aux| grep 70464 >>someuser 70464 93.5 0.1 1920 1372 p1- R 7:09PM 687:07.27 ee file > > > I can't seem to trigger this bug on a 7.0 machine either by killing the > client or using tcpdrop to kill the tcp session. > > -- Brooks >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?431F7183.7080405>