automatic renice in 4.1 bsd?

Zonker T. Chuqui chuqui at nsc.UUCP
Mon Oct 15 08:19:12 AEST 1984


> Look forward to any info on the subject
> By renicing the csh to 0, the terminal becomes alive
> again, and renice reports the old priority as 19.
> Is there something in 4.1 bsd that renices people when
> the system load gets too high?
> Or do we have a malicious user who is fiddling with people's
> priority? (I once looked thru lastcomm, and found that no
> one had executed the renice command.)

It looks like a malicious user. The renice code, unless it's been munged,
only goes to 4, not 19. The only way you'll nice a process to 19 is with
human intervention. They don't need to use the renice command, there is a
system call they can write into their own program to do it. Note that this
user (unless he is smart enough to have figured out a way around it) must
have root privileges to do this on the fly.

Tracking someone doing this down is difficult at best. Brute force searches
through source files are a start, but if he HAS broken root he's probably
smart enough to hide it (if you've given him root and he did this, cut out
his tongue for me....). You could instrument the setpriority() system call
(that is 4.2-- I don't know if the name changes) to log to the console
things like the uid of the person calling it when it is used on a process
other than itself. If /dev/kmem is writable, I'd change that immediately--
someone may have figured out a way to change the values in someone's u.
in there.

sigh.

	chuq
-- 
From the Department of Bistromatics:                   Chuq Von Rospach
{cbosgd,decwrl,fortune,hplabs,ihnp4,seismo}!nsc!chuqui  nsc!chuqui at decwrl.ARPA

How about 'reason for living?'
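
A user-space model of the check suggested above for an instrumented setpriority(), as an added example that is not part of the original post and is not 4.xBSD kernel code. The `struct prio_call` record, the function names and the sample calls are constructed for illustration; only the `PRIO_*` selectors come from `<sys/resource.h>`.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/resource.h>   /* PRIO_PROCESS, PRIO_PGRP, PRIO_USER */

/* Hypothetical record of one setpriority(which, who, prio) call. */
struct prio_call {
    pid_t caller_pid;
    uid_t caller_uid;
    int   which;   /* PRIO_PROCESS, PRIO_PGRP or PRIO_USER */
    int   who;     /* 0 means "the caller" for every selector */
    int   prio;
};

/* 1 when the call can touch a process other than the caller itself. */
int targets_other(const struct prio_call *c)
{
    if (c->which == PRIO_PROCESS)
        return !(c->who == 0 || c->who == (int)c->caller_pid);
    return 1;  /* a process group or a uid can cover other processes */
}

/* Build the console line for a loggable call; return 1 if one was built. */
int audit_call(const struct prio_call *c, char *buf, size_t len)
{
    if (!targets_other(c))
        return 0;
    snprintf(buf, len, "setpriority: uid %ld pid %ld which %d who %d prio %d",
             (long)c->caller_uid, (long)c->caller_pid, c->which, c->who, c->prio);
    return 1;
}

/* Constructed sample calls, not taken from any real system. */
static const struct prio_call SAMPLE[] = {
    {100, 1001, PRIO_PROCESS,    0,  4},  /* self, who == 0        */
    {100, 1001, PRIO_PROCESS,  100, 10},  /* self, named by pid    */
    {200, 1002, PRIO_PROCESS,  100, 19},  /* someone else's csh    */
    {200, 1002, PRIO_USER,    1001, 19},  /* every process of 1001 */
};
#define SAMPLE_N ((int)(sizeof SAMPLE / sizeof SAMPLE[0]))

int main(void)
{
    char line[128];
    for (int i = 0; i < SAMPLE_N; i++)
        if (audit_call(&SAMPLE[i], line, sizeof line))
            puts(line);
    return 0;
}
```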


