-
-
Notifications
You must be signed in to change notification settings - Fork 227
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Zombie process using sudo 1.8 #297
Comments
That version of sudo is 5 years old, can you try a more recent version? I can't reproduce this with the current version of sudo using your test script. However, even in 1.8.23, SIGCHLD is blocked until after the main signal handler is installed so there should not be a race condition. There was a race condition that could result in a hang when sudo is executed by a process where the SIGCHLD handler is set to SIG_IGN but that doesn't sound like what you are describing. |
The pam module I am using is written in Golang, so it creates multiple threads when it initializes. So these threads don't have the signal masked and hence I think the signal is sent to the first signal handler when one of these threads receive the signal. Follow up question, why is signal handler setup for SIGCHLD if it is ignored here Line 325 in cb01b90
But I am thinking even if we don't have that initial signal handler for SIGCHLD then it would be ignored and we would run into the same issue |
That is just for when sudo is killed before it executes a command. There really shouldn't be any children at that point. |
I installed pam-ysshca and the only zombies I see are from strace, not sudo itself when using the latest sudo sources. Can you reproduce this problem with the latest version of sudo? If so, please provide ps output that shows the zombie processes and their parents. |
I am using
Sudo version 1.8.23
on Amazon Linux 2I am using a pam module created using cgo (sample pam module for testing: pam-ysshca). I have enabled debug logs in
/etc/sudo.conf
usingDebug sudo /var/log/sudo_debug all@debug
.Script I am running is :
I get zombie process on executing this script using
sudo nohup test.sh &
.What I am noticing is that
This is reproducible everytime sudo debug logs are turned on since I think time is also being used to print log statements before the actual signal handler is setup/
When debug logs is turned off, this happens 1 in 100s of execution because most of the time the new signal handler gets initialized (rt_sigaction for SIGCHLD) before the echo command exits.
Is this expected behavior that if SIGCHLD is received before the new signal handler is setup then it will lead to zombie processes.
The text was updated successfully, but these errors were encountered: