Bug 74228 - 12000 point Monospace leads to swap thrashing
Status: CLOSED DUPLICATE of bug 66658
Product: Red Hat Public Beta
Classification: Retired
Component: XFree86
Hardware: i686 Linux
Priority: medium, Severity: high
Assigned To: Mike A. Harris
Reported: 2002-09-18 06:21 EDT by Barry K. Nathan
Modified: 2008-05-01 11:38 EDT (History)
Doc Type: Bug Fix
Last Closed: 2002-11-03 04:12:38 EST
Description Barry K. Nathan 2002-09-18 06:21:04 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020830

Description of problem:
An attacker can set the font size to 12000 points, subsequently causing the
computer to thrash and slowing things down into a miserable mess.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Go to the profile editor (either for the current one or for another profile,
it doesn't seem to matter).
2. Go to the font selector
3. Select Monospace, and punch in a 12000 point size.
4. Attempt to click on "OK".

Actual Results:  Computer seems to become a perpetual thrashing machine (with
256MB RAM and 2GB swap -- I can't easily test this on computers with more RAM at
the moment).

Expected Results:  Perhaps an error message

Additional info:

This bug may have security implications on systems with untrusted local users.
Making the point size too big (say, 18000) just leads to an immediate segfault.
Comment 1 Havoc Pennington 2002-10-01 15:49:14 EDT
We should clamp the possible font size, but I don't consider it a security issue
because a user can only do this to themselves, someone else can't do it to you.
Comment 2 Warren Togami 2002-10-01 19:17:17 EDT
This is a potential local DoS for LTSP.  Any malicious user could possibly
cripple it for everyone.
Comment 3 Havoc Pennington 2002-10-01 19:35:37 EDT
No more than with a trivial fork bomb or shell script. Being able to use all
system resources doesn't count as a security problem, there are millions of ways
to do it, unless you have set up hard resource quotas.
Comment 4 Mike A. Harris 2002-10-07 06:12:45 EDT
It's DoS'able via CSS in web browsers.

Known issue in libXfont.
Comment 5 Mike A. Harris 2002-10-07 06:23:42 EDT
Can't find the existing bug dupe, reassigning....
Comment 6 Mike A. Harris 2002-11-03 04:12:21 EST
Found the duplicate bug number...  closing as duplicate
Comment 7 Mike A. Harris 2002-11-03 04:12:57 EST

*** This bug has been marked as a duplicate of 66658 ***
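
The clamp suggested in Comment 1 and the hard resource quota mentioned in Comment 3, sketched in C as an added example that is not part of the bug report or of XFree86/libXfont. The size cap, the DPI, the one-byte-per-pixel sizing model and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed values for illustration; not taken from XFree86 or libXfont. */
#define MAX_POINT_SIZE 1024u  /* largest size the font dialog will accept */
#define DPI 96u

/* Estimated bytes to rasterize nglyphs square cells at 1 byte per pixel.
 * Returns 0 on success, -1 if the arithmetic would overflow. */
int estimate_glyph_bytes(uint32_t points, uint32_t nglyphs, uint64_t *out)
{
    uint64_t px = (uint64_t)points * DPI / 72;      /* pixels per em */
    if (px != 0 && px > UINT64_MAX / px) return -1;
    uint64_t cell = px * px;
    if (nglyphs != 0 && cell > UINT64_MAX / nglyphs) return -1;
    *out = cell * nglyphs;
    return 0;
}

/* Clamp from Comment 1 plus a memory budget: 0 = accept, -1 = reject. */
int check_font_request(uint32_t points, uint32_t nglyphs, uint64_t budget)
{
    uint64_t need;
    if (points == 0 || points > MAX_POINT_SIZE) return -1;
    if (estimate_glyph_bytes(points, nglyphs, &need) != 0) return -1;
    return need <= budget ? 0 : -1;
}

/* Hard quota from Comment 3: in a child process, cap the address space with
 * RLIMIT_AS and try to allocate. Returns 1 if malloc failed cleanly under
 * the quota, 0 if it succeeded, -1 on fork/wait/setrlimit error. */
int malloc_fails_under_quota(size_t quota, size_t request)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct rlimit rl = { quota, quota };
        if (setrlimit(RLIMIT_AS, &rl) != 0) _exit(2);
        void *volatile p = malloc(request);   /* volatile: keep the call */
        _exit(p == NULL ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) > 1) return -1;
    return WEXITSTATUS(status) == 0;
}
```

Under this sizing model a 12000 point request for 256 glyphs estimates to 65,536,000,000 bytes, so `check_font_request` refuses it before any allocation is attempted; with an address-space quota in place, an oversized allocation returns an error to the caller instead of pushing the machine into swap.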