killall with 65 arguments kills more than expected
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
psmisc (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Christian Ehrhardt |
Bug Description
[Impact]
* killall with exactly 65 (33 in 32-bit environments) arguments can kill random processes
* this can be accidentially or even maliciously used to kill processes
* root casue is an off-by-one error
[Test Case]
* as seen in the bug description above, but please note that this triggers the bug only sometimes (1/3 of my tries)
ps xa | wc -l
for i in `seq 1 65`; do touch ~/tmp_tasks/test$i; done;
for i in `seq 1 65`; do echo ~/tmp_tasks/test$i; done | xargs killall
ps xa | wc -l
[Regression Potential]
* there should be no/minimal regression Potential
- the fix itself is minimal
- no solution (other than maybe exploits) should rely on this behaviour
[Original Report]
killall in Precise is supposed to limit the number of arguments to 64, but due to a fencepost error, 66 arguments will be blocked but 65 is not.
With 65 arguments, the behavior varies, but in some cases will send a signal to random processes.
# ps xa | wc -l
164
# mkdir ~/tmp_tasks/
# for i in `seq 1 65`; do touch ~/tmp_tasks/test$i; done;
# for i in `seq 1 65`; do echo ~/tmp_tasks/test$i; done | xargs killall
Connection to 198.18.88.176 closed by remote host.
Connection to 198.18.88.176 closed.
# ps xa | wc -l
126
This is fixed upstream and at the very least trusty works fine.
Changed in psmisc (Ubuntu Precise): | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in psmisc (Ubuntu): | |
status: | New → Fix Released |
tags: | added: bitesize |
Changed in psmisc (Ubuntu Precise): | |
assignee: | nobody → ChristianEhrhardt (paelzer) |
description: | updated |
Changed in psmisc (Ubuntu): | |
importance: | Undecided → Medium |
attached is a proposed fix