Re: insecure scheduler in OpenBSD 4.7

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Jeremy O'Brien

Subject: Re: insecure scheduler in OpenBSD 4.7

Date: Thursday, December 16, 2010 - 5:56 pm

On Tue, Oct 12, 2010 at 01:57:20PM +0200, Alexandre Ratchov wrote:
quoted text> On Tue, Oct 12, 2010 at 12:41:04AM +0400, Dmitry-T wrote:
> > Try to recover ballance:
> > renice 20 -p 30996
> > renice -20 -p 21919 25914 754
>          ^^^^^
> 
> If you run any cpu bound process with priority -20, you will give all
> the cpu to that process, without giving any chance to other processes
> to run, so your box will hang until it terminates. This requires root
> privileges.
> 
> > 
> > It is not secure. One user script or program may load CPU and
> > database or another servers lost speed in disk operations.
> > This is hole for DOS attacks in OpenBSD design.
> 
> Yeah, this is an attack root can do by renicing a cpu bound process,
> but ``rm -rf /'' is much easier, isn't it?

I was curious why no one brought this up earlier. A normal user _can't_
nice processes to anything below 0. Therefore this point is moot.

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

insecure scheduler in OpenBSD 4.7, Dmitry-T, (Mon Oct 11, 1:41 pm)

Re: insecure scheduler in OpenBSD 4.7, Ted Unangst, (Mon Oct 11, 1:54 pm)

Re: insecure scheduler in OpenBSD 4.7, Martin Schröder, (Mon Oct 11, 1:59 pm)

Re: insecure scheduler in OpenBSD 4.7, Dmitry-T, (Mon Oct 11, 2:12 pm)

Re: insecure scheduler in OpenBSD 4.7, Firas Kraiem, (Mon Oct 11, 2:22 pm)

Re: insecure scheduler in OpenBSD 4.7, Henning Brauer, (Mon Oct 11, 2:22 pm)

Re: insecure scheduler in OpenBSD 4.7, Dmitry-T, (Mon Oct 11, 2:43 pm)

Re: insecure scheduler in OpenBSD 4.7, Dmitry-T, (Mon Oct 11, 3:09 pm)

Re: insecure scheduler in OpenBSD 4.7, Gilles Chehade, (Mon Oct 11, 3:23 pm)

Re: insecure scheduler in OpenBSD 4.7, Brad Tilley, (Mon Oct 11, 3:49 pm)

Re: insecure scheduler in OpenBSD 4.7, Fred Crowson, (Mon Oct 11, 4:11 pm)

Re: insecure scheduler in OpenBSD 4.7, Tomas Bodzar, (Mon Oct 11, 9:04 pm)

Re: insecure scheduler in OpenBSD 4.7, Jean-Francois, (Tue Oct 12, 4:07 am)

Re: insecure scheduler in OpenBSD 4.7, Alexandre Ratchov, (Tue Oct 12, 4:57 am)

Re: insecure scheduler in OpenBSD 4.7, Oliver Peter, (Tue Oct 12, 5:35 am)

Re: insecure scheduler in OpenBSD 4.7, ÐÐ¼Ð¸ÑÑÐ¸Ð¹ Ð¦Ð°Ñ ..., (Tue Oct 12, 6:14 am)

Re: insecure scheduler in OpenBSD 4.7, J Sisson, (Tue Oct 12, 7:39 am)

Re: insecure scheduler in OpenBSD 4.7, Jordi Espasa Clofent, (Tue Oct 12, 7:59 am)

Re: insecure scheduler in OpenBSD 4.7, Christiano F. Haesbaert, (Tue Oct 12, 8:51 am)

Re: insecure scheduler in OpenBSD 4.7, Jeremy O'Brien, (Thu Dec 16, 5:56 pm)

Re: insecure scheduler in OpenBSD 4.7, Kevin Chadwick, (Fri Dec 17, 3:39 am)


linux-kernel:
Greg Kroah-Hartman	[PATCH 17/36] sysdev: detect multiple driver registrations
Greg Kroah-Hartman	[PATCH 22/36] PM: Make wakeup flags available whenever CONFIG_PM is set
Greg Kroah-Hartman	[PATCH 20/36] Driver core: Call device_pm_add() after bus_add_device() in device_a...
Rafael J. Wysocki	[Bug #16136] Linux 2.6.34 causes system lockup on Compaq Presario 2200 Laptop
Pekka Enberg	Re: BUG in free_block (tainted)
git:
Johannes Schindelin	Re: [PATCH 2/2] git-svn: support fetch with autocrlf on
Mark Burton	Re: [PATCH] builtin-branch: highlight current remote branches with an asterisk
Junio C Hamano	Re: [PATCH 6/6] Teach core object handling functions about gitlinks
Johannes Schindelin	Re: Trying to use git-filter-branch to compress history by removing large, obsolet...
Junio C Hamano	Re: git-svnimport
linux-netdev:
Daniel Schaffrath	Re: tcp bw in 2.6
Frans Pop	[PATCH] ipv4: make default for INET_LRO consistent with help text
Gerrit Renker	[PATCH 37/37] dccp: Debugging functions for feature negotiation
Patrick McHardy	Re: [PATCH RESEND 1/3] netfilter: xtables: inclusion of xt_condition
Daniel Lezcano	getsockopt(TCP_DEFER_ACCEPT) value change
openbsd-misc:
Conor	Re: RFID Reader
Josh Grosse	ssh/sshd challenge-response seems to have stopped working in -current
Pieter Verberne	File collision while using pkg_add
Stuart Henderson	Re: SquidGuard problem
Western Union	Online account has been suspended
git-commits-head:
Linux Kernel Mailing List	ath9k_htc: Allocate URBs properly
Linux Kernel Mailing List	ath9k: Added get_survey callback in order to get channel noise
Linux Kernel Mailing List	ALSA: snd-usb-caiaq: Do not expose hardware input mode 0 of A4DJ
Linux Kernel Mailing List	V4L/DVB (9041): Add support YUAN High-Tech STK7700D (1164:1f08)
Linux Kernel Mailing List	cpumask: make irq_set_affinity() take a const struct cpumask