I tried it in vi, and it doesn't cause a problem. There would have been at
least 50M free at the time that pico was invoked.
My concern *isn't* that this file cannot be edited with pico. I couldn't
care less; I can use vi just fine. However, my concern is that an
unpriviledged user was able to down my system because of pico's lack of
observance to the demand it would cause.
That seems like a security hole, to me.
Lee.
At 02:08 AM 10/12/00 -0400, you wrote:
>Did you try the same thing in vi? If not.. don't complain :)
>
>100MB file.. how much RAM was free before hand? that file's goin right
>into swap no matter what editor you use if you run out of RAM.
>
>-Statux
>
>On Wed, 11 Oct 2000, Lee Howard wrote:
>
>> I had a user ftp up a 100MB+ text file and then try opening it with pico.
>> Well, it brought the system to its knees, and it went unresponsive for
>> nearly an hour (128MB RAM, 8GB HDD, AMD K6-2/450) until I executed a
>> 'shutdown -r' (and even that took several minutes to initiate).
>>
>> Now maybe the user wasn't all that careful, but it seems innocent enough.
>>
>> How is this not a security issue? Seems to me that pico needs to be a
>> little more concerned about CPU usage when it opens a file.
>>
>> Thanks.
>>
>> Lee Howard
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
