Re: Bug in scp v3.0.1

[Matt Forrest <mforrest () scs ryerson ca>]

Try using the sftp client.  All you have to do is to connect to the
machine and sshd2 want to eat all available CPU cycles. 

I haven't looked at the source yet, but after attaching to a process, it
looks like the daemon is sitting in a tight loop calling poll().  I'd
think that a well placed select() call might solve the problem.

On Wed, 31 Oct 2001, Jonathan A. Zdziarski wrote:

> Date: Wed, 31 Oct 2001 00:18:47 -0500
> From: Jonathan A. Zdziarski <jonathan () cafejesus com>
> To: bugtraq () securityfocus com
> Subject: Bug in scp v3.0.1
>
> I was scp'ing a 2MB file to my home computer over a DSL line and just
> happened to run top at the same time.  I immediately noticed this line:
>
> 13864 root       1  30    0 2884K 1744K run     0:38 42.00% sshd2
>
> It appears that scp'ing a file over a slow connection causes the process to
> suck up a huge number of resources.  There's most likely no usleep()
> somewhere it's needed.  A couple scp's over slow connections could severely
> degrade the boxes performance.
>
> This test was performed on a Solaris 8_x86 machine.


mATT

*************************************************************************

       A neurotic worries about going crazy, but never will
       A psychotic IS crazy, but doesn't worry about it!

  ....... Don't worry, be happy!!!  >:}

*************************************************************************