COMMAND
	    kernel
SYSTEMS AFFECTED
	    all versions prior to 2000/04/20
PROBLEM
	    Following is based on NetBSD Security Advisory and it was found by
	    Artur Grabowski.  Untrusted local processes can hog cpu and kernel
	    memory by tricking  the kernel into  running exclusively on  their
	    behalf, denying other processes the CPU.
	    4.xBSD kernels are non-preemptive; processes running in user space
	    can be preempted, but processes runnning in the kernel must  yield
	    the CPU voluntarily.  Certain  system calls could be convinced  to
	    run for  an extended  time in  the kernel  without yielding (e.g.,
	    reads from /dev/zero).
	    In addition,  the ktrace  system-call tracing  facility could  use
	    large amounts of kernel memory when tracing large I/O's
SOLUTION
	    The patches referenced by this advisory:
	
	        - add  a facility  to allow  a process  to yield  the cpu  but
	          remain runnable.
	        - notice when a process  has executed for an entire  timeslice
	          without yielding.
	        - add several preemption points in common system routines.
	        - reduce the total memory required by ktrace while tracing I/O
	          (by breaking the data read into multiple chunks).
	
	    For formal NetBSD releases, you should to download the appropriate
	    source patch  listed below,  apply it  to your  kernel source tree
	    using  the  patch(1)  command.   For  NetBSD-current,  you  should
	    update your source  tree (with either  sup or anonymous  CVS).  In
	    both cases,  you then  need to  rebuild, install  the newly  built
	    kernel, and reboot.  For NetBSD  1.4, 1.4.1, and 1.4.2 a patch  is
	    available in
	
	        ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000527-yield
	
	    NetBSD-current since 20000420 contains  all the fixes, and  is not
	    vulnerable.  Users  of NetBSD-current should  upgrade to a  source
	    tree dated 20000420 or later.