lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 20 Apr 2018 10:39:21 +0200
From:   Ferry Toth <ftoth@...fort.nl>
To:     Mike Galbraith <efault@....de>
Cc:     lkml <linux-kernel@...r.kernel.org>
Subject: Re: DOS by unprivileged user

Op vrijdag 20 april 2018 06:46:58 CEST schreef Mike Galbraith:
> On Thu, 2018-04-19 at 21:13 +0200, Ferry Toth wrote:
> > It appears any ordinary user can easily create a DOS on linux.
> > 
> > One sure way to reproduce this is to open gitk on the linux kernel repo 
> > (SIC) on a machine with 8GB RAM 16 GB swap on a HDD with btrfs and quad core 
> > + hyperthreading. But I will be easy enough to get the same effect with more 
> > RAM, other fs etc.
> > 
> > In this case gitk allocates more and more memory (until my system freezes 
> > 6.5GB of 7.5GB avaiable), the system starts swapping or writing to tmp files 
> > (can't investigate as there is no time until it freezes) and the io wait 
> > goes to 100% on all cores. At this point it is impossible to login from 
> > remote and local keyboard and mouse are frozen. Hard reset is the only way 
> > out at this point.
> 
> datapoint: my i4790/ext4 box running master.yesterday booted mem=8G
> became highly unpleasant to use, but I retained control, and the all
> cores going to 100% thing did not happen at any time.
> 
> I didn't try constraining on the gitk user, just turned it loose a few
> times to see if it managed to render box effectively dead.  It failed
> to kill my box, but (expectedly) did make it suck rocks.
> 
> 	-Mike
> 

Yes, might be less dramatic with ext4 than with btrfs (COW icw fsync on hdd'.s destroys performance 
of things like virtualbox, databases, dpkg).

Nevertheless I feel one process should not be allowed to harm other processes by denying them resources. Even if when btrfs makes it easy abuse I think the scheduler should have throttled gitk.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ