On 11/10/2010 23:12, Dmitry-T wrote: > 12.10.10, 00:54, "Ted Unangst" <[email protected]>: > >> On Mon, Oct 11, 2010 at 4:41 PM, Dmitry-T wrote: >> > Run as _normal user_: >> > dd if=/dev/urandom of=/dev/null >> >> > It is not secure. One user script or program may load CPU and >> > database or another servers lost speed in disk operations. >> > This is hole for DOS attacks in OpenBSD design. >> > >> > How you use the OpenBSD as web servers and hosting platform? >> > Permanently catch and kill processes? >> >> echo yes | rmuser `ps ua -p \`pgrep dd\` | tail -1 | awk '{print $1}'` > > This is naive :)
You're the naive one. If a user can DOS the system just by doing dd, it means the system's policy is very weak, so the user can probably just as well throw a forkbomb.
