bin/108547: top allows local denial of service attack
Dr. Markus Waldeck
waldeck at gmx.de
Tue Jan 30 11:30:19 UTC 2007
>Number: 108547
>Category: bin
>Synopsis: top allows local denial of service attack
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 30 11:30:14 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Dr. Markus Waldeck
>Release: 7.0-CURRENT-200701
>Organization:
>Environment:
>Description:
An unprivileged user could waste all CPU time by setting a low delay value in top (interactive or via -s).
Is there any possibility to deactivate this functionality without recompilation?
There are other top implementations that use a "secure mode" configuration
which avoids the setting of the delay value for unprivileged users.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: