Debian Bug report logs - #551753
kills processes from thin client sessions which it shouldnt kill

version graph

Package: killer; Maintainer for killer is Debian Edu Developers <debian-edu@lists.debian.org>; Source for killer is src:killer.

Reported by: Holger Levsen <holger@layer-acht.org>

Date: Tue, 20 Oct 2009 13:09:01 UTC

Severity: serious

Found in version killer/0.90-6

Fixed in version killer/0.90-7

Done: Petter Reinholdtsen <pere@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Edu Developers <debian-edu@lists.debian.org>:
Bug#551753; Package killer. (Tue, 20 Oct 2009 13:09:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Holger Levsen <holger@layer-acht.org>:
New Bug report received and forwarded. Copy sent to Debian Edu Developers <debian-edu@lists.debian.org>. (Tue, 20 Oct 2009 13:09:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Holger Levsen <holger@layer-acht.org>
To: submit@bugs.debian.org
Subject: kills processes from thin client sessions which it shouldnt kill
Date: Tue, 20 Oct 2009 14:45:19 +0200
[Message part 1 (text/plain, inline)]
package: killer
severity: serious
version: 0.90-6
# justification: causes data loss, makes unrelated software break

Hi,

the purpose of killer is to kill processes belonging to a user who is not 
logged in anymore of whose processes are hanging. According to Skolelinux bug 
#1373 it also kills processes which it shouldnt kill. 

See http://bugs.skolelinux.org/show_bug.cgi?id=1373#c5 for a first analysis 
how this happens. <200909211517.54070.rgx@gmx.de> (on the debian-edu list) 
also contains useful information for tracking this down. The complete thread 
started at <200909182345.55873.rgx@gmx.de>


regards,
	Holger
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Edu Developers <debian-edu@lists.debian.org>:
Bug#551753; Package killer. (Mon, 25 Jan 2010 18:12:13 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Debian Edu Developers <debian-edu@lists.debian.org>. (Mon, 25 Jan 2010 18:12:13 GMT) Full text and rfc822 format available.

Message #10 received at 551753@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: Holger Levsen <holger@layer-acht.org>, 551753@bugs.debian.org
Subject: Re: Bug#551753: kills processes from thin client sessions which it shouldnt kill
Date: Mon, 25 Jan 2010 19:09:57 +0100
[Holger Levsen]
> the purpose of killer is to kill processes belonging to a user who
> is not logged in anymore of whose processes are hanging. According
> to Skolelinux bug #1373 it also kills processes which it shouldnt
> kill.

I believe I was able to reproduce it, where killer would fail to
handle the output from ps properly for users with usernames longer
than 8 characters.  I've commited a patch to svn and will upload
shortly.

Here is the old behaviour, where killer want to kill the processes of
the user testesttest currently logged in via ssh from remote:

  tjener:~# killer -n
  kill(15, 23835) user=1000 command=bash nice=0
  kill(9, 23835) user=1000 command=bash nice=0
  kill(23, 23835) user=1000 command=bash nice=0
  kill(9, 23835) user=1000 command=bash nice=0
  tjener:~# who
  root     :0           2010-01-22 07:16
  root     pts/2        2010-01-25 17:37 (remote)
  testtesttest pts/3        2010-01-25 18:59 (remote)
  tjener:~# id testtesttest
  uid=1000(testtesttest) gid=1000(testtesttest) grupper=1000(testtesttest)
  tjener:~#

And this is the new behaviour after applying the patch:

  tjener:~# killer -n
  tjener:~# 

Happy hacking,
-- 
Petter Reinholdtsen




Reply sent to Petter Reinholdtsen <pere@debian.org>:
You have taken responsibility. (Mon, 25 Jan 2010 18:36:03 GMT) Full text and rfc822 format available.

Notification sent to Holger Levsen <holger@layer-acht.org>:
Bug acknowledged by developer. (Mon, 25 Jan 2010 18:36:03 GMT) Full text and rfc822 format available.

Message #15 received at 551753-close@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@debian.org>
To: 551753-close@bugs.debian.org
Subject: Bug#551753: fixed in killer 0.90-7
Date: Mon, 25 Jan 2010 18:33:37 +0000
Source: killer
Source-Version: 0.90-7

We believe that the bug you reported is fixed in the latest version of
killer, which is due to be installed in the Debian FTP archive:

killer_0.90-7.diff.gz
  to main/k/killer/killer_0.90-7.diff.gz
killer_0.90-7.dsc
  to main/k/killer/killer_0.90-7.dsc
killer_0.90-7_all.deb
  to main/k/killer/killer_0.90-7_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 551753@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Petter Reinholdtsen <pere@debian.org> (supplier of updated killer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 25 Jan 2010 19:03:03 +0100
Source: killer
Binary: killer
Architecture: source all
Version: 0.90-7
Distribution: unstable
Urgency: low
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Petter Reinholdtsen <pere@debian.org>
Description: 
 killer     - Background job killer
Closes: 551753
Changes: 
 killer (0.90-7) unstable; urgency=low
 .
   * Fix linux-ps-longusernames.dpatch to also handle long usernames in
     ruser, to avoid killing processes of user with usernames > 8
     characters (Closes: #551753).
Checksums-Sha1: 
 38347fb39ae7b34e71f92f6546daef7cfb9e4ab8 1187 killer_0.90-7.dsc
 b66adeb75b13736347ef2d91f912b8dbcd2bbed0 5934 killer_0.90-7.diff.gz
 cda97b37cb3512052653eb4dfc2e9a55edd7be20 24074 killer_0.90-7_all.deb
Checksums-Sha256: 
 8f878ad0472a3ef8019e3d0af1e48f6b35b803670600a1af05b9bbafe0e51b70 1187 killer_0.90-7.dsc
 2dba17839770c9b88f51d1de1254a954139df8f70b302e84196b5314e8eaa9d2 5934 killer_0.90-7.diff.gz
 5a8491550eb79036949d38473b0e551a435f5d5e6ea9fb035bb4c4b8ad97a572 24074 killer_0.90-7_all.deb
Files: 
 5e26be19c9f8f5f0a2b52cf5ed0473fe 1187 misc optional killer_0.90-7.dsc
 bbc2f2285f2b26ce9cf5d0b36090e264 5934 misc optional killer_0.90-7.diff.gz
 f82f6a6b27828b51028bb37350b278f0 24074 misc optional killer_0.90-7_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLXeBb20zMSyow1ykRApq7AKCpMurk/CtO7x6fIPM6xZddsgIJEwCgvYDA
HOzxc4n9VloHEddWAs2sysk=
=Su33
-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Edu Developers <debian-edu@lists.debian.org>:
Bug#551753; Package killer. (Mon, 25 Jan 2010 19:00:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Debian Edu Developers <debian-edu@lists.debian.org>. (Mon, 25 Jan 2010 19:00:06 GMT) Full text and rfc822 format available.

Message #20 received at 551753@bugs.debian.org (full text, mbox):

From: Petter Reinholdtsen <pere@hungry.com>
To: 551753@bugs.debian.org, Holger Levsen <holger@layer-acht.org>
Subject: Re: Bug#551753: kills processes from thin client sessions which it shouldnt kill
Date: Mon, 25 Jan 2010 19:59:24 +0100
Holger asked on IRC for the patch in BTS, to make it easier for the
stable release managers to review this change for inclusion in Lenny.
Here it is.  The issue at hand was that some part of the code used the
$user value and other parts used the $ruser part.  Both had to be
updated for users with long usernames.

ndex: debian/changelog
===================================================================
--- debian/changelog	(revision 62084)
+++ debian/changelog	(working copy)
@@ -1,3 +1,11 @@
+killer (0.90-7) unstable; urgency=low
+
+  * Fix linux-ps-longusernames.dpatch to also handle long usernames in
+    ruser, to avoid killing processes of user with usernames > 8
+    characters (Closes: #551753).
+
+ -- Petter Reinholdtsen <pere@debian.org>  Mon, 25 Jan 2010 19:03:03 +0100
+
 killer (0.90-6) unstable; urgency=low
 
   * Fix typo in linux-ps-longusernames.dpatch, returning the password
Index: debian/patches/linux-ps-longusernames.dpatch
===================================================================
--- debian/patches/linux-ps-longusernames.dpatch	(revision 62084)
+++ debian/patches/linux-ps-longusernames.dpatch	(working copy)
@@ -6,9 +6,9 @@
 
 @DPATCH@
 diff -urNad killer~/killer killer/killer
---- killer~/killer	2008-07-06 01:20:55.000000000 +0200
-+++ killer/killer	2008-07-06 01:20:55.000000000 +0200
-@@ -238,7 +238,10 @@
+--- killer~/killer	2010-01-25 19:01:46.000000000 +0100
++++ killer/killer	2010-01-25 19:02:08.000000000 +0100
+@@ -238,7 +238,11 @@
  
  	($user, $ruser, $uid, $ruid, $tty, $pid, $ppid, $nice, $comm) 
  		= split( /[ \t]+/, $_, 9 );
@@ -16,6 +16,7 @@
 +
 +        # Linux ps report uid when username is longer than 8 characters.
 +        $user = (getpwuid($user))[0] if ($user =~ m/^\d+/);
++        $ruser = (getpwuid($ruser))[0] if ($ruser =~ m/^\d+/);
 +
  	$pid2user{$pid} = $user;
  	$pid2ruser{$pid} = $ruser;

Happy hacking,
-- 
Petter Reinholdtsen




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 28 Feb 2010 07:39:17 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 14:19:26 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.