Bug 110422 - Using aspell as a denial-of-service/crash from a normal user account
Using aspell as a denial-of-service/crash from a normal user account
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: aspell (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Eido Inoue
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2003-11-19 09:53 EST by Robert Osborne
Modified: 2007-11-30 17:06 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-02-19 11:58:10 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Robert Osborne 2003-11-19 09:53:31 EST
Description of problem:
aspell- goes into a bad memory/processor leak when invoked
in SGML mode

Version-Release number of selected component (if applicable):

How reproducible:
invoke aspell with either -H or --mode=sgml

Steps to Reproduce:
$ echo 'Kill me' > text.txt
aspell -H -c text.txt
watch a top and see the system grind to a halt
Actual results:
I've had to hit the power button after several of these ran
simultaneously.  I couldn't log in from the console or use
CTRL-ALT-DEL from the virtual terminal!

Expected results:

Additional info:
Comment 1 Eido Inoue 2003-12-03 11:58:53 EST
I verified that aspell does go into a loop and consumes lots of
memory, but aspell is a non-suid userland program. If in theory (*) it
can DoS, then any userland program can also do the same, and this is
something to be examined by the kernel/libc teams.

* I was able to recover from a few of these running. It was very
difficult and took a lot of time, but I could. Eventually the apps
should terminate after they've exhausted memory.
Comment 2 Eido Inoue 2004-02-19 11:58:10 EST
closing as i weas able to recover. if you aren't able to recover, the
DoS blame doesn't lie with the userspace app.

Note You need to log in before you can comment on or make changes to this bug.