[23043] in bugtraq
Re: Bug in scp v3.0.1
daemon@ATHENA.MIT.EDU (Matt Forrest)
Wed Oct 31 18:38:16 2001
Date: Wed, 31 Oct 2001 15:53:47 -0500 (EST)
From: Matt Forrest <mforrest@scs.ryerson.ca>
To: "Jonathan A. Zdziarski" <jonathan@cafejesus.com>
Cc: bugtraq@securityfocus.com
In-Reply-To: <COEPIIFFJPONEJNLHKOEAEDFCGAA.jonathan@cafejesus.com>
Message-ID: <Pine.GSO.4.21.0110311515370.201-100000@jupiter.scs.ryerson.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Try using the sftp client. All you have to do is to connect to the
machine and sshd2 want to eat all available CPU cycles.
I haven't looked at the source yet, but after attaching to a process, it
looks like the daemon is sitting in a tight loop calling poll(). I'd
think that a well placed select() call might solve the problem.
On Wed, 31 Oct 2001, Jonathan A. Zdziarski wrote:
> Date: Wed, 31 Oct 2001 00:18:47 -0500
> From: Jonathan A. Zdziarski <jonathan@cafejesus.com>
> To: bugtraq@securityfocus.com
> Subject: Bug in scp v3.0.1
>
> I was scp'ing a 2MB file to my home computer over a DSL line and just
> happened to run top at the same time. I immediately noticed this line:
>
> 13864 root 1 30 0 2884K 1744K run 0:38 42.00% sshd2
>
> It appears that scp'ing a file over a slow connection causes the process to
> suck up a huge number of resources. There's most likely no usleep()
> somewhere it's needed. A couple scp's over slow connections could severely
> degrade the boxes performance.
>
> This test was performed on a Solaris 8_x86 machine.
>
>
>
mATT
*************************************************************************
A neurotic worries about going crazy, but never will
A psychotic IS crazy, but doesn't worry about it!
....... Don't worry, be happy!!! >:}
*************************************************************************
