an ominous I-am-under-NDA-coded warning to immediately uninstall atop has been posted by a reputable tech blogger. https://rachelbythebay.com/w/2025/03/25/atop/
You might want to stop running atop

to be clear “atop” is a Linux system administration tool and if you don’t know what that means or if you could possibly have it installed, you don’t.
it seems to be getting hug of deathed, so here’s a screenshot, though it really doesn’t say much more than what I said.
@0xabad1dea well that's unnerving.
@0xabad1dea well that's worrying
@0xabad1dea given no other information, and planning to just guess - over/under on this being related to the recent NextJS middleware exploit?
@AT1ST considering atop is a C-language system utility and NextJS is a web framework, completely unrelated
@atax1a I'm still banking on the C-language system utility embedding NextJS just to handle their UI code.
@AT1ST that makes less than no sense and is contradicted by even a brief glance at the code of the utility in question
@0xabad1dea it's bizarre she could be slashdotted so thoroughly by HN, you'd think a former PE for Facebook would manage to select more robust infrastructure for her blog than WordPress or whatever she uses that is so fragile.
@fazalmajid there’s nothing about WordPress that’s “fragile” in that way, as it’s well known to power many of the busiest sites on the internet, and most people don’t spend large amounts of money on provisioning extra “infrastructure” for their personal blog in case traffic is ever unusually high for a few hours. Mastodon is notorious for hammering small sites offline with the decentralized preview generation.
@0xabad1dea I am currently wondering if oh my zsh could have installed it
@gkrnours @0xabad1dea I have checked on both macOS and some Linux virtual machines that I have that have that installed and there is nothing regarding atop afaik
@0xabad1dea I have never used atop. I find vanilla top a little too bland, which is why I use htop wherever I can.
@0xabad1dea I had to Google that and got all sorts of results. Do they mean the Linux program?

@0xabad1dea

I assume that's the Linux process monitor and not the industrial automation toolset.

@zl2tod @0xabad1dea I’d assume the same as they specifically single out atop from top, htop, etc.

@edmcbane @0xabad1dea

<Grabb0rs the current source for reference>

@zl2tod @0xabad1dea There's an interesting set of fixes about overflows and bound-checks from 2 weeks ago, notable for there's very little else in the previous months.

@edmcbane

"optional kernel module"

<shudder>

@0xabad1dea

@0xabad1dea It would be nice to have something more than "I can go into why another time."
@0xabad1dea do you know if this is default-convenience installed on any distro? Gotta go checking on all my systems now, but I have a few /o\
@DJGummikuh @0xabad1dea as far as I am aware you have to install it for it to be there. It’s not on any of my systems.
@carbontwelve @0xabad1dea I can't remember ever using it myself, I recall seeing it used ONCE. however, not all my systems are under my exclusive control so it's possible a friend installed it on some of them. Thanks regardless, reduces the pressure slightly 😅
@DJGummikuh @0xabad1dea afaik mostly do not, I don’t have it on any of my machines

@0xabad1dea

Probably some joke or experiment how paranoid our community is.

… boosted!

@0xabad1dea I *so* want to see the postmortem on this.
@0xabad1dea considering things i've heard about how atop in particular runs, this sounds nuclear for anyone who has that installed
@0xabad1dea what is atop even?
@kura @0xabad1dea It is a top style program that can take deep snapshots of system usage. One of the nice / important uses of atop, is that you can run it in 'daemon' mode and it will continually take snapshots of system resources (net, cpu, ram, block I/O, process list and what they are using) and log them to file database for later review. I use atop to diagnose long term process issues (aka memory leaks)
@kura the brother of btop.
just a joke.. system load/analyzing tool like htop
@0xabad1dea I'm sure I can find a better use for that freshly freed 506KB anyway...
@0xabad1dea
Oh thank god I have btop++ instead
@0xabad1dea I have a part of my brain that wants me to install it
Merge pull request #327 from GermanAizek/remove-excess-checks · Atoptool/atop@8d1799b

Removed excess checks before free()
@0xabad1dea not the alcohol treatment outcome profile!
@0xabad1dea time to install atop and monitor tcpdump...
@0xabad1dea ok segfault is so much less interesting
@0xabad1dea @stevendbrewer More info/speculation as to why one should cease using atop.
https://news.ycombinator.com/item?id=43477057
You might want to stop running atop | Hacker News

@0xabad1dea Some additional info here: https://rachelbythebay.com/w/2025/03/26/atop/

It sounds like the contributor folks have been dogpiling has little or nothing to do with Rachel's warning, but rather a more troubling and long-lived bug has been noticed.

At a guess, I expect the routine that compares the current process/thread snapshot with the previous one has a buffer length variable that doesn't get set properly, leading to some sort of over/underrun scenario.

Problems with the heap

@0xabad1dea Rachel hints that this is something that can be triggered by an unprivileged user. Maybe manipulating the process table by exec/exit processes during the interval between atop's `/proc` reads? Or rolling over the `pid_max` to exploit some assumption `atop` makes about following processes across scans?

I'm really interested in what folks dig up with all this attention on atop. I've always just tolerated its jankiness because it's so useful, but it is janky fo sho.

@0xabad1dea OK, let's check the changelogs at atoptool.nl/downloadatop.php ... oh, found something for version 2.11.0:

In twin mode atop spawns into a lower level process that gathers the counters and writes them to a temporary raw file, and an upper level process that reads the counters from the temporary raw file and presents them to the user.


A temporary raw file you say? May it be that it accidentally dumps information that shouldn't be accessible to unprivileged users?

Atoptool.nl

An advanced interactive monitor for Linux-systems to view the load on system-level and process-level.

@0xabad1dea damn i was building atop in buildroot just a few days ago but it required ncurses with wide char support (ncursesw) so i didn't