On Wed, Dec 07, 2005 at 02:35:03AM +0000, James Troup wrote:
> Neil McGovern <[EMAIL PROTECTED]> writes:
> 
> > I'm tagging this bug as security and upping the severity.
> > 
> > Justification:
> > A small script can be used to affect the availability of the parent
> > xserver if xloadimage is installed. If the resource limits of the
> > xserver are high enough, there is potential for the process table to
> > become saturated, leading to a loss of availability of the machine that
> > xloadimage is installed on.
> 
> Err, I'm confused - how is this any different in "DoS" profile from
> e.g. a traditional fork bomb?
> 

It's essentially the same, with a minor difference:
Fork bombs traditionally happen very quickly, whereas with normal
operation, this DoS will take some time. Admittedly, something could be
easily crafted to make xloadimage speed up this process.

It's because of the timescale (again, under normal operation) that I've
set this bug as 'grave' rather than 'critical'.

Cheers,
Neil
-- 
   __   
 .`  `. [EMAIL PROTECTED] | Application Manager
 : :' ! ---------------- | Secure-Testing Team member
 '. `-  gpg: B345BDD3    | Webapps Team member
   `-   Please don't cc, I'm subscribed to the list

