Re: insecure scheduler in OpenBSD 4.7

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Alexandre Ratchov

Subject: Re: insecure scheduler in OpenBSD 4.7

Date: Tuesday, October 12, 2010 - 4:57 am

On Tue, Oct 12, 2010 at 12:41:04AM +0400, Dmitry-T wrote:
quoted text> I'm install OpenBSD 4.7 (dmesg attached)
> 
> uname -a
> OpenBSD d1.my.domain 4.7 GENERIC#112 amd64
> 
> Run as root:
> dd if=/dev/wd0c of=/dev/null bs=1m &
> dd if=/dev/wd0c of=/dev/null bs=1m &
> dd if=/dev/wd0c of=/dev/null bs=1m &
> 
> top
> 
> load averages:  3.12,  2.50,  1.49    16:54:08
> 37 processes:  36 idle, 1 on processor
> CPU states:  0.1% user,  0.0% nice,  7.3% system,  3.6% interrupt, 89.1% idle
> Memory: Real: 35M/339M act/tot  Free: 2393M  Swap: 0K/3071M used/tot
> 
>   PID USERNAME PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
>   754 root     -14    0 2232K 1228K sleep     inode     0:24  6.10% dd
> 25914 root      -5    0 2216K 1224K sleep     getblk    0:24  6.05% dd
> 21919 root     -14    0 2204K 1224K sleep     inode     2:08  5.96% dd
> 
> iostat wd0 1
> 
>       tty            wd0             cpu
>  tin tout  KB/t t/s MB/s  us ni sy in id
>    0    0  2.00 5141 10.04   0  0 23 13 64
>    0    0  2.00 5021 9.81   0  0 16 10 74
>    0  299  2.00 5206 10.17   0  0 21  8 71
>    0    0  2.00 5066 9.90   0  0 15  8 77
> 
> 
> Run as _normal user_:
> dd if=/dev/urandom of=/dev/null
> 
> Try to recover ballance:
> renice 20 -p 30996
> renice -20 -p 21919 25914 754
         ^^^^^

If you run any cpu bound process with priority -20, you will give all
the cpu to that process, without giving any chance to other processes
to run, so your box will hang until it terminates. This requires root
privileges.

quoted text> 
> It is not secure. One user script or program may load CPU and
> database or another servers lost speed in disk operations.
> This is hole for DOS attacks in OpenBSD design.

Yeah, this is an attack root can do by renicing a cpu bound process,
but ``rm -rf /'' is much easier, isn't it?

-- Alexandre

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

insecure scheduler in OpenBSD 4.7, Dmitry-T, (Mon Oct 11, 1:41 pm)

Re: insecure scheduler in OpenBSD 4.7, Ted Unangst, (Mon Oct 11, 1:54 pm)

Re: insecure scheduler in OpenBSD 4.7, Martin Schröder, (Mon Oct 11, 1:59 pm)

Re: insecure scheduler in OpenBSD 4.7, Dmitry-T, (Mon Oct 11, 2:12 pm)

Re: insecure scheduler in OpenBSD 4.7, Firas Kraiem, (Mon Oct 11, 2:22 pm)

Re: insecure scheduler in OpenBSD 4.7, Henning Brauer, (Mon Oct 11, 2:22 pm)

Re: insecure scheduler in OpenBSD 4.7, Dmitry-T, (Mon Oct 11, 2:43 pm)

Re: insecure scheduler in OpenBSD 4.7, Dmitry-T, (Mon Oct 11, 3:09 pm)

Re: insecure scheduler in OpenBSD 4.7, Gilles Chehade, (Mon Oct 11, 3:23 pm)

Re: insecure scheduler in OpenBSD 4.7, Brad Tilley, (Mon Oct 11, 3:49 pm)

Re: insecure scheduler in OpenBSD 4.7, Fred Crowson, (Mon Oct 11, 4:11 pm)

Re: insecure scheduler in OpenBSD 4.7, Tomas Bodzar, (Mon Oct 11, 9:04 pm)

Re: insecure scheduler in OpenBSD 4.7, Jean-Francois, (Tue Oct 12, 4:07 am)

Re: insecure scheduler in OpenBSD 4.7, Alexandre Ratchov, (Tue Oct 12, 4:57 am)

Re: insecure scheduler in OpenBSD 4.7, Oliver Peter, (Tue Oct 12, 5:35 am)

Re: insecure scheduler in OpenBSD 4.7, ÐÐ¼Ð¸ÑÑÐ¸Ð¹ Ð¦Ð°Ñ ..., (Tue Oct 12, 6:14 am)

Re: insecure scheduler in OpenBSD 4.7, J Sisson, (Tue Oct 12, 7:39 am)

Re: insecure scheduler in OpenBSD 4.7, Jordi Espasa Clofent, (Tue Oct 12, 7:59 am)

Re: insecure scheduler in OpenBSD 4.7, Christiano F. Haesbaert, (Tue Oct 12, 8:51 am)

Re: insecure scheduler in OpenBSD 4.7, Jeremy O'Brien, (Thu Dec 16, 5:56 pm)

Re: insecure scheduler in OpenBSD 4.7, Kevin Chadwick, (Fri Dec 17, 3:39 am)

Navigation

Popular discussions


linux-kernel:
Paul Turner	[tg_shares_up rewrite v4 11/11] sched: update tg->shares after cpu.shares write
Mr. James W. Laferriere	Re: Linux 2.6.25-rc1 , syntax error near unexpected token `;'
Linus Torvalds	Linux 2.6.34-rc4
Colin Cross	[PATCH 12/21] ARM: tegra: Add suspend and hotplug support
Chuck Ebbert	Re: PCI: Unable to reserve mem region problem
git:
Ralf Wildenhues	[PATCH] Fix typos in the documentation
Len Brown	Re: fatal: unable to create '.git/index': File exists
Denis Bueno	Git clone error
Paolo Bonzini	Re: [RFC/PATCH 5/6] revert: add --ff option to allow fast forward when cherry-pick...
Sam Vilain	Re: RFC: Flat directory for notes, or fan-out? Both!
git-commits-head:
Linux Kernel Mailing List	ASoC: fix registration of the SoC card in the Freescale MPC8610 drivers
Linux Kernel Mailing List	drivers/acpi: use kasprintf
Linux Kernel Mailing List	nfsd41: sanity check client drc maxreqs
Linux Kernel Mailing List	bnx2x: Moving includes
Linux Kernel Mailing List	V4L/DVB: gspca - sonixj: Adjust minor values of sensor ov7630. - set the color ga...
openbsd-misc:
Sevan / Venture37	Re: This is what Linus Torvalds calls openBSD crowd
Netmaffia.hu	Tini Lányok AKCIÓBAN OTTHON
Siju George	This is what Linus Torvalds calls openBSD crowd
Darrin Chandler	Re: OT: Python (was Re: vi in /bin)
Sam Fourman Jr.	Re: Help with Altell PC6700
linux-netdev:
Jamie Lokier	Re: POHMELFS high performance network filesystem. Transactions, failover, performa...
Kurt Van Dijck	Re: [PATCH net-next-2.6 1/2] can: add driver for Softing card
Eric Dumazet	Re: [PATCH net-next-2.6] net: Introduce skb_orphan_try()
Jarek Poplawski	Re: socket api problem: can't bind an ipv6 socket to ::ffff:0.0.0.0
David Miller	Re: [PATCH v2] net: typos in comments in include/linux/igmp.h

Colocation donated by:

Syndicate