From: Giorgos Keramidas
To: Craig Edwards
Cc: freebsd-security@freebsd.org, talonz
Date: Thu, 8 Sep 2005 02:51:32 +0300
Subject: Re: ee using 99% cpu after user ssh session terminates abnormaly

On 2005-09-08 00:02, Craig Edwards wrote:
> At least this is what I suspect happens. Lazy programming somewhere...
> Brooks Davis wrote:
> >On Thu, Sep 08, 2005 at 08:27:13AM +1000, talonz wrote:
> >>Recently I have been using a dialup 56k account to access the net
> >>and have noticed that when my ssh session times out and I am editing
> >>a file in `ee' the system goes to 99% cpu usage and stays like
> >>this till the pid is killed. This is a standard user account (not
> >>root/su)
> >>
> >>Would a user be able to create a denial of service condition on the
> >>remote system using this bug?
> >
> >No more than they could with the ability to run any other program that
> >loops.
>
> I can duplicate this with nano on FreeBSD 5.4 and 5.2.1
>
> It seems that the process ignores the HUP signal maybe or ignores the
> EOF condition on stdin, and the select loop, or whatever it uses, just
> loops infinitely with nothing to read, constantly returning an error
> condition.

FWIW, pico seems to handle HUP just fine. So whatever causes nano to
enter a loop is something that is done differently in nano.
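
Added example, not part of the original message and not code from ee, nano or pico: a constructed C input loop that reproduces the suspected failure mode (a poll/read loop that never treats EOF or a read error as final) next to the checked form that stops. The names input_loop and wakeups_after_hangup are hypothetical, a pipe whose writer has been closed stands in for the lost terminal, and only the EOF half of the theory is covered, not SIGHUP delivery.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

enum loop_kind { LOOP_NAIVE, LOOP_CHECKED };

/* Constructed stand-in for an editor's input loop.
 * Returns how many times the loop woke up before it stopped. */
int input_loop(int fd, enum loop_kind kind, int cap)
{
    char buf[256];
    int wakeups = 0;
    struct pollfd p = { .fd = fd, .events = POLLIN };

    while (wakeups < cap) {               /* cap only bounds the demo */
        int r = poll(&p, 1, 1000);
        if (r < 0 && errno != EINTR) break;   /* poll itself failed */
        if (r <= 0) continue;                 /* timeout or interrupted */
        wakeups++;
        ssize_t n = read(fd, buf, sizeof buf);
        if (n > 0) continue;              /* keystrokes would be handled here */
        if (kind == LOOP_NAIVE) continue; /* bug: 0 and -1 mean "try again" */
        if (n == 0) break;                /* EOF: the other end is gone */
        if (errno == EINTR || errno == EAGAIN) continue;
        break;                            /* EIO and similar: give up */
    }
    return wakeups;
}

/* Closing the write end makes the read end report EOF on every wakeup,
 * as a descriptor does once its peer has gone away. */
int wakeups_after_hangup(enum loop_kind kind, int cap)
{
    int fds[2];
    if (pipe(fds) != 0) return -1;
    close(fds[1]);
    int n = input_loop(fds[0], kind, cap);
    close(fds[0]);
    return n;
}

int main(void)
{
    printf("naive:   %d wakeups\n", wakeups_after_hangup(LOOP_NAIVE, 1000));
    printf("checked: %d wakeups\n", wakeups_after_hangup(LOOP_CHECKED, 1000));
    return 0;
}
```

The naive variant runs until the cap because poll reports the dead descriptor as ready every time, which is the busy loop that shows up as 99% CPU; the checked variant exits on the first EOF.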