pico_big_files_equal_bad

This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.



Subject: pico can cripple a system
From: Lee Howard <faxguy@deanox.com>
Date: Wed, 11 Oct 2000 22:07:41 -0600

I had a user ftp up a 100MB+ text file and then try opening it with pico.
Well, it brought the system to its knees, and it went unresponsive for
nearly an hour (128MB RAM, 8GB HDD, AMD K6-2/450) until I executed a
'shutdown -r' (and even that took several minutes to initiate).

Now maybe the user wasn't all that careful, but it seems innocent enough.

How is this not a security issue?  Seems to me that pico needs to be a
little more concerned about CPU usage when it opens a file.

Thanks.

===

Subject: Re: pico can cripple a system
From: Statux <statux@bigfoot.com>
Date: Thu, 12 Oct 2000 02:08:11 -0400 (EDT)

Did you try the same thing in vi? If not.. don't complain :)

100MB file.. how much RAM was free beforehand? that file's goin right
into swap no matter what editor you use if you run out of RAM.


===

Subject: Re: pico can cripple a system
From: Steve Dixon <steve@dpn.com>
Date: Wed, 11 Oct 2000 00:16:38 -0700

It doesn't matter what editor opened the file, you would have had the
same effect.

===

Subject: Re: pico can cripple a system
From: Lee Howard <faxguy@deanox.com>
Date: Thu, 12 Oct 2000 01:24:11 -0600

I tried it in vi, and it doesn't cause a problem.  There would have been at
least 50M free at the time that pico was invoked.

My concern *isn't* that this file cannot be edited with pico.  I couldn't
care less; I can use vi just fine.  However, my concern is that an
unprivileged user was able to down my system because of pico's lack of
observance to the demand it would cause.

That seems like a security hole, to me.

===

Subject: Re: pico can cripple a system
From: Steve Dixon <steve@dpn.com>
Date: Wed, 11 Oct 2000 00:35:55 -0700

Pico could care less what size file it opens or how much cpu time it
takes over.  It's just trying to open the file as fast as it can.

===

Subject: Re: pico can cripple a system
From: Statux <statux@bigfoot.com>
Date: Thu, 12 Oct 2000 03:31:44 -0400 (EDT)

> That seems like a security hole, to me.

Not really a security hole.. but a major denial of services/resources :)

If pico gets a major overhaul, then so does pine :)

I'm still learnin to use vi.. I like vi.. but it's bizarre :)

colon this.. colon that ;)

===

Subject: Re: pico can cripple a system
From: Dan Horth <dan@nitro.com.au>
Date: Thu, 12 Oct 2000 18:51:15 +1100

I thought that there was a way to limit processor and memory usage - 
similar to the way you limit disk usage with quota... I can't 
remember off-hand and haven't set this up myself... but I do think 
there is a product out there to prevent users thrashing your system...

sorry can't be more helpful... hopefully it'll get people talking though! ;)
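
[Added example, not part of the original thread.] The kind of limit asked about above exists on Linux as per-process resource limits (`setrlimit`, exposed in the shell as `ulimit -v`). The Python code below, assuming Linux, runs a command with its address space capped so that an oversized load fails inside that one process instead of pushing the host into swap; `run_capped`, `fake_editor` and the 512 MiB cap are names and values chosen here for illustration.

```python
import resource
import subprocess
import sys

MIB = 1024 * 1024


def _apply_cap(cap_bytes):
    """Runs in the child between fork and exec: lower RLIMIT_AS for it only."""
    _soft, hard = resource.getrlimit(resource.RLIMIT_AS)
    if hard != resource.RLIM_INFINITY:
        # An unprivileged process cannot go above the existing hard limit.
        cap_bytes = min(cap_bytes, hard)
    # Setting soft and hard together means the child cannot raise the cap again.
    resource.setrlimit(resource.RLIMIT_AS, (cap_bytes, cap_bytes))


def run_capped(argv, cap_bytes):
    """Run argv with its address space capped at cap_bytes; return exit status."""
    proc = subprocess.run(
        argv,
        preexec_fn=lambda: _apply_cap(cap_bytes),
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
    )
    return proc.returncode


def fake_editor(buffer_bytes):
    """Constructed stand-in for an editor that loads a whole file into memory."""
    code = f"buf = bytearray({buffer_bytes})"
    return [sys.executable, "-c", code]


if __name__ == "__main__":
    cap = 512 * MIB  # illustrative value, not a recommendation from the thread
    # A small buffer fits under the cap and the process exits normally.
    print("small file:", run_capped(fake_editor(1 * MIB), cap))
    # A buffer larger than the cap is refused by the kernel; only this
    # process fails (MemoryError, non-zero exit), the host is unaffected.
    print("huge file: ", run_capped(fake_editor(1024 * MIB), cap))
```

The same limit can be applied to every login session through `pam_limits` (the `as` item in `/etc/security/limits.conf`), which is the closer analogue to disk quotas.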

===

Subject: Re: pico can cripple a system
From: Emmanuel Seyman <seyman@moe.acticiel.com>
Date: Thu, 12 Oct 2000 10:16:34 +0200

Dan Horth a 
