Date: Wed, 31 Jan 2007 15:42:26 +0100 (CET) From: Oliver Fromme <olli@lurza.secnetix.de> To: freebsd-hackers@FreeBSD.ORG, waldeck@gmx.de Subject: Re: top delay value Message-ID: <200701311442.l0VEgQbA093491@lurza.secnetix.de> In-Reply-To: <20070130162350.126210@gmx.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Dr. Markus Waldeck wrote:
> Oliver Fromme wrote:
> > Well, an unprivileged user can achieve the same effect by
> > typing "while :; do :; done". There are a thousand ways
> > to waste CPU time, and there is no way to prevent a user
> > > from doing it.
>
> It is not the same effect.
>
> You describe fork bombing.
No. What I write above is not a "fork bomb", it's a single
process which is wasting CPU in a busy loop. It's exactly
equivalent to top(1) with zero delay, except that top
produces some output, while a busy loop does nothing useful
at all.
> I could limit the number of process via
> :maxproc=100: \
> in /etc/login.conf
Which doesn't help against a busy loop.
> > If you want to make top more secure, type "chmod 700 /usr/bin/top".
>
> :-)
Actually I was serious. Normal users don't really need to
run top (which is only contributed third-party software
anyway). It doesn't provide any information that you
can't get with other regular tools, such as ps(1) which
is a native FreeBSD tools.
By the way, you can "emulate" top(1) with run ps(1) in a
shell loop like this (sh/zsh/ksh/bash syntax):
while :; do clear; ps -a; sleep 1; done
Do get zero delay, simply remove the sleep command from the
loop ... That's actually _worse_ than top(1) with zero
delay, because kernel cycles are wasted for the fork() and
exec() calls, not to mention I/O and other syscalls. An
empty shell loop ("while :; do :; done") doesn't perform
any syscalls into the kernel.
Bottom line: Disabling zero-delay in top doesn't buy you
anything at all. In fact, it might cause your users to
invent work-arounds (for example shell loops) that waste
even more resources.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606, USt-Id: DE204219783
Any opinions expressed in this message are personal to the author and may
not necessarily reflect the opinions of secnetix GmbH & Co KG in any way.
FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd
"... there are two ways of constructing a software design: One way
is to make it so simple that there are _obviously_ no deficiencies and
the other way is to make it so complicated that there are no _obvious_
deficiencies." -- C.A.R. Hoare, ACM Turing Award Lecture, 1980
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701311442.l0VEgQbA093491>