top delay value
Mike Meyer
mwm-keyword-freebsdhackers2.e313df at mired.org
Tue Jan 30 15:56:08 UTC 2007
In <20070130140227.26613101832 at hk2.uwaterloo.ca>, waldeck at gmx.de typed:
> An unprivileged user could waste all CPU time by setting a low delay value in top (interactive or via -s).
No, they can't. Should they use the interactive facility to set the
delay to 0 (you can't do that via the -s switch), then top will
compete evenly with normal users processes until it accumulates enough
CPU that the scheduler changes it's nice value. It then no longer
competes with normal user processes for CPU. At that point, the CPU
cyles it's "wasting" are mostly cycles that would have been "wasted"
in an idle loop anyway. Generally (but not always), there's no real
reason to care about such.
> Is there any possibility to deactivate this functionality without recompilation?
chmod 0 /usr/bin/top
> There are other top implementations that use a "secure mode" configuration
> which avoids the setting of the delay value for unprivileged users.
There are *lots* of commands on the system that can be coerced into
spinning on the CPU doing nothing, starting with /bin/sh. The correct
place to deal with this issue is in the kernel scheduler, so you can
do it once and for all.
That said, there may be a use case where you want a top display to be
available without the interactive commands being available, ala the
"secure mode" you mention. That can be provided with a little work,
depending on the exact goals.
<mike
--
Mike Meyer <mwm at mired.org> http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
More information about the freebsd-hackers
mailing list