Re: insecure scheduler in OpenBSD 4.7

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Firas Kraiem

Subject: Re: insecure scheduler in OpenBSD 4.7

Date: Monday, October 11, 2010 - 2:22 pm

On 11/10/2010 23:12, Dmitry-T wrote:
quoted text> 12.10.10, 00:54, "Ted Unangst" <ted.unangst@gmail.com>:
> 
>> On Mon, Oct 11, 2010 at 4:41 PM, Dmitry-T  wrote:
>>  > Run as _normal user_:
>>  > dd if=/dev/urandom of=/dev/null
>>  
>>  > It is not secure. One user script or program may load CPU and
>>  > database or another servers lost speed in disk operations.
>>  > This is hole for DOS attacks in OpenBSD design.
>>  >
>>  > How you use the OpenBSD as web servers and hosting platform?
>>  > Permanently catch and kill processes?
>>  
>>  echo yes | rmuser `ps ua -p \`pgrep dd\` | tail -1 | awk '{print }'`
> 
> This is naive :)

You're the naive one. If a user can DOS the system just by doing dd, it
means the system's policy is very weak, so the user can probably just as
well throw a forkbomb.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

insecure scheduler in OpenBSD 4.7, Dmitry-T, (Mon Oct 11, 1:41 pm)

Re: insecure scheduler in OpenBSD 4.7, Ted Unangst, (Mon Oct 11, 1:54 pm)

Re: insecure scheduler in OpenBSD 4.7, Martin Schröder, (Mon Oct 11, 1:59 pm)

Re: insecure scheduler in OpenBSD 4.7, Dmitry-T, (Mon Oct 11, 2:12 pm)

Re: insecure scheduler in OpenBSD 4.7, Firas Kraiem, (Mon Oct 11, 2:22 pm)

Re: insecure scheduler in OpenBSD 4.7, Henning Brauer, (Mon Oct 11, 2:22 pm)

Re: insecure scheduler in OpenBSD 4.7, Dmitry-T, (Mon Oct 11, 2:43 pm)

Re: insecure scheduler in OpenBSD 4.7, Dmitry-T, (Mon Oct 11, 3:09 pm)

Re: insecure scheduler in OpenBSD 4.7, Gilles Chehade, (Mon Oct 11, 3:23 pm)

Re: insecure scheduler in OpenBSD 4.7, Brad Tilley, (Mon Oct 11, 3:49 pm)

Re: insecure scheduler in OpenBSD 4.7, Fred Crowson, (Mon Oct 11, 4:11 pm)

Re: insecure scheduler in OpenBSD 4.7, Tomas Bodzar, (Mon Oct 11, 9:04 pm)

Re: insecure scheduler in OpenBSD 4.7, Jean-Francois, (Tue Oct 12, 4:07 am)

Re: insecure scheduler in OpenBSD 4.7, Alexandre Ratchov, (Tue Oct 12, 4:57 am)

Re: insecure scheduler in OpenBSD 4.7, Oliver Peter, (Tue Oct 12, 5:35 am)

Re: insecure scheduler in OpenBSD 4.7, ÐÐ¼Ð¸ÑÑÐ¸Ð¹ Ð¦Ð°Ñ ..., (Tue Oct 12, 6:14 am)

Re: insecure scheduler in OpenBSD 4.7, J Sisson, (Tue Oct 12, 7:39 am)

Re: insecure scheduler in OpenBSD 4.7, Jordi Espasa Clofent, (Tue Oct 12, 7:59 am)

Re: insecure scheduler in OpenBSD 4.7, Christiano F. Haesbaert, (Tue Oct 12, 8:51 am)

Re: insecure scheduler in OpenBSD 4.7, Jeremy O'Brien, (Thu Dec 16, 5:56 pm)

Re: insecure scheduler in OpenBSD 4.7, Kevin Chadwick, (Fri Dec 17, 3:39 am)


linux-kernel:
Paul Turner	[tg_shares_up rewrite v4 11/11] sched: update tg->shares after cpu.shares write
Mr. James W. Laferriere	Re: Linux 2.6.25-rc1 , syntax error near unexpected token `;'
Linus Torvalds	Linux 2.6.34-rc4
Colin Cross	[PATCH 12/21] ARM: tegra: Add suspend and hotplug support
Chuck Ebbert	Re: PCI: Unable to reserve mem region problem
git:
Ralf Wildenhues	[PATCH] Fix typos in the documentation
Len Brown	Re: fatal: unable to create '.git/index': File exists
Denis Bueno	Git clone error
Paolo Bonzini	Re: [RFC/PATCH 5/6] revert: add --ff option to allow fast forward when cherry-pick...
Sam Vilain	Re: RFC: Flat directory for notes, or fan-out? Both!
git-commits-head:
Linux Kernel Mailing List	ASoC: fix registration of the SoC card in the Freescale MPC8610 drivers
Linux Kernel Mailing List	drivers/acpi: use kasprintf
Linux Kernel Mailing List	nfsd41: sanity check client drc maxreqs
Linux Kernel Mailing List	bnx2x: Moving includes
Linux Kernel Mailing List	V4L/DVB: gspca - sonixj: Adjust minor values of sensor ov7630. - set the color ga...
openbsd-misc:
Sevan / Venture37	Re: This is what Linus Torvalds calls openBSD crowd
Netmaffia.hu	Tini Lányok AKCIÓBAN OTTHON
Siju George	This is what Linus Torvalds calls openBSD crowd
Darrin Chandler	Re: OT: Python (was Re: vi in /bin)
Sam Fourman Jr.	Re: Help with Altell PC6700
linux-netdev:
Jamie Lokier	Re: POHMELFS high performance network filesystem. Transactions, failover, performa...
Kurt Van Dijck	Re: [PATCH net-next-2.6 1/2] can: add driver for Softing card
Eric Dumazet	Re: [PATCH net-next-2.6] net: Introduce skb_orphan_try()
Jarek Poplawski	Re: socket api problem: can't bind an ipv6 socket to ::ffff:0.0.0.0
David Miller	Re: [PATCH v2] net: typos in comments in include/linux/igmp.h