Re: pico can cripple a system

Fri, 13 Oct 2000 19:54:15 -0700 

Couldn't you set a memory/cpu limit on user groups?


>I tried it in vi, and it doesn't cause a problem.  There would have been at
>least 50M free at the time that pico was invoked.
>
>My concern *isn't* that this file cannot be edited with pico.  I couldn't
>care less; I can use vi just fine.  However, my concern is that an
>unpriviledged user was able to down my system because of pico's lack of
>observance to the demand it would cause.
>
>That seems like a security hole, to me.
>
>Lee.
>
>
>At 02:08 AM 10/12/00 -0400, you wrote:
>>Did you try the same thing in vi? If not.. don't complain :)
>>
>>100MB file.. how much RAM was free before hand? that file's goin right
>>into swap no matter what editor you use if you run out of RAM.
>>
>>-Statux
>>
>>On Wed, 11 Oct 2000, Lee Howard wrote:
>>
>>>  I had a user ftp up a 100MB+ text file and then try opening it with pico.
>>>  Well, it brought the system to its knees, and it went unresponsive for
>>>  nearly an hour (128MB RAM, 8GB HDD, AMD K6-2/450) until I executed a
>>>  'shutdown -r' (and even that took several minutes to initiate).
>>>
>>>  Now maybe the user wasn't all that careful, but it seems innocent enough.
>>>
>>>  How is this not a security issue?  Seems to me that pico needs to be a
>>>  little more concerned about CPU usage when it opens a file.
>>>
>>>  Thanks.
>>>
>>>  Lee Howard
>
>
>
>_______________________________________________
>Redhat-list mailing list
>[EMAIL PROTECTED]
>https://listman.redhat.com/mailman/listinfo/redhat-list


________________________________________________________________________________
"The Internet treats censorship as damage and routes around it"

InterNetWorkingSolutions
Your home for Business and Personal Computing Solutions       
                                                          
PO Box 152, Cabot, VT 05647 USA
                                
VOICE: 888.726.9030
FAX: 888.726.9030 
                                                
General Information:                    [EMAIL PROTECTED]
Website Hosting:                        [EMAIL PROTECTED]
Systems Administration Services :       [EMAIL PROTECTED]
Technical Support & Training Services:  [EMAIL PROTECTED]
________________________________________________________________________________



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Reply via email to