• atop has issues(?)

    From John McCue@21:1/5 to All on Wed Mar 26 01:29:26 2025
    Hi All

    Ran across this:

    https://news.ycombinator.com/item?id=43477057

    Seems atop may be 'bad':

    Below from
    https://rachelbythebay.com/w/2025/03/25/atop/

    You might want to stop running atop

    My life as a mercenary sysadmin can be
    interesting. Sometimes I find things, and
    sometimes I hear things. Now and then I say
    things.

    Right now, I think it's probably best if you
    uninstall atop. I don't mean just stopping it, but
    actually keep it from being executed.

    I'm not talking about the OG top, or htop, iftop,
    or anything else with a "top" name. Just atop.

    I can go into why another time.

    --
    [t]csh(1) - "An elegant shell, for a more... civilized age."
    - Paraphrasing Star Wars

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Richard Kettlewell@21:1/5 to John McCue on Wed Mar 26 08:53:19 2025
    John McCue <jmccue@qball.jmcunx.com> writes:

    > Hi All
    >
    > Ran across this:
    >
    > https://news.ycombinator.com/item?id=43477057
    >
    > Seems atop may be 'bad':
    >
    > Below from
    > https://rachelbythebay.com/w/2025/03/25/atop/
    >
    > You might want to stop running atop
    >
    > My life as a mercenary sysadmin can be
    > interesting. Sometimes I find things, and
    > sometimes I hear things. Now and then I say
    > things.
    >
    > Right now, I think it's probably best if you
    > uninstall atop. I don't mean just stopping it, but
    > actually keep it from being executed.
    >
    > I'm not talking about the OG top, or htop, iftop,
    > or anything else with a "top" name. Just atop.
    >
    > I can go into why another time.

    Frustratingly vague.

    1) atop installs a background service, and can optionally be accompanied
    by a kernel module, both of which could contain a vulnerability that
    remains relevant when not currently running the command-line tool.

    2) Of recent commits, nothing stands out apart from [1], but looking at
    the surrounding context I don’t think that’s fixing anything
    exploitable, it’s just making some grotty code a little more
    defensive.

    [1] https://github.com/Atoptool/atop/commit/a0e96f124f93

    Speculation:

    a) If the grottiness in a0e96f124f93 is consistent throughout the code
    then more serious problems are to be expected.

    b) It’s possible whatever exercise led to a0e96f124f93 could have
    found something more serious which is not yet disclosed anywhere
    public.

    By grottiness I mean:

    * makeargv() makes assumptions about the size of the array it populates

    * makeargv()’s bounds checks are distant from array use

    * make_sys_prints()’s bounds check is, bizarrely, based on a parameter
    rather than the actual array size (it just happens, by luck or
    something, that the two always match)

    --
    https://www.greenend.org.uk/rjk/
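
The three points about array bounds in the reply above, shown in their defensive form as an added example. This is not atop's code and not from either poster: `split_args`, `ARRAY_LEN` and the sample strings are hypothetical names and constructed inputs.

```c
#include <stddef.h>
#include <string.h>

/* Element count of a true array (not a pointer). */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/*
 * Hypothetical argv splitter: tokenises `line` in place on spaces/tabs and
 * stores token pointers in out[], NULL-terminated. `cap` is the real capacity
 * of out[]; nothing about its size is assumed inside the function.
 * Returns the token count, or -1 if tokens plus the NULL do not fit.
 */
int split_args(char *line, char **out, size_t cap)
{
    static const char sep[] = " \t";
    size_t n = 0;

    if (line == NULL || out == NULL || cap == 0)
        return -1;

    char *p = line + strspn(line, sep);
    while (*p != '\0') {
        /* The check sits directly before the write it guards and
           reserves one slot for the terminator. */
        if (n + 1 >= cap) {
            out[0] = NULL;          /* never hand back a partial vector */
            return -1;
        }
        out[n++] = p;
        p += strcspn(p, sep);
        if (*p != '\0') {
            *p++ = '\0';
            p += strspn(p, sep);
        }
    }
    out[n] = NULL;
    return (int)n;
}

/* Callers derive the limit from the array itself, so the limit and the
   declaration cannot drift apart. Inputs below are constructed. */
int demo_fits(void)
{
    char line[] = "cmd -x one two";
    char *argv[8];
    return split_args(line, argv, ARRAY_LEN(argv));
}

int demo_overflow(void)
{
    char line[] = "a b c d";
    char *argv[4];                  /* room for 3 tokens + NULL */
    return split_args(line, argv, ARRAY_LEN(argv));
}
```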
