Opened 5 years ago

Closed 5 years ago

#3954 closed defect (fixed)

keactrl should not use "kill -0" to check status of the running server

Reported by: marcin Owned by: tmark
Priority: medium Milestone: Kea0.9.2
Component: dhcp Version: git
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: DHCP Feature Depending on Ticket:
Estimated Difficulty: 0 Add Hours to Ticket: 0
Total Hours: 4 Internal?: no

Description

The #3939 introduced the use of pid files into keactrl. When it checks for the status of the process it reads the pid from the file and then does:

kill -0 <pid>

which requires that "keactrl status" is run with the root privileges, assuming that the process has been started as root. We agreed during the jabber discussion that keactrl shoudldn't require root to check the status of the process. So, the kill should be replaced with something else, e.g.

ps -p <pid>

and check if it produces any output, which would mean that the process with a given pid is alive.

Subtickets

Change History (8)

comment:1 follow-up: Changed 5 years ago by jreed

What operating system requires this to need root? (From my experience, superuser privilege is not needed on Linux or BSD.)

comment:2 in reply to: ↑ 1 Changed 5 years ago by jreed

Replying to jreed:

What operating system requires this to need root? (From my experience, superuser privilege is not needed on Linux or BSD.)

I realize now it is about the target pid running as root and the kill error code is the same where "operation not permitted" or "no such process". Since we don't want to try to parse kill output, I agree ps -p is better and is portable on all modern systems.

comment:3 Changed 5 years ago by marcin

  • Milestone changed from Kea-proposed to Kea0.9.2

Moving to Kea 0.9.2 per Kea call on 7/15/2015

comment:4 Changed 5 years ago by tmark

  • Owner set to tmark
  • Status changed from new to assigned

comment:5 Changed 5 years ago by tmark

  • Owner changed from tmark to UnAssigned
  • Status changed from assigned to reviewing

I manually verified "ps -p" behavior using ISC_DHCP lab VMs which included Debian,Centos, Ubuntuo, NetBSD, FreeBSD, and Solaris as well as on my Mac.

Replaced "kill -0" with "ps -p" for PID life checks in keactrl.in

ChangeLog proposed:

9xx.    [bug]       tmark
    Replaced used of "kill -0" with "ps -p" in keactrl when  
    checking of servers are alive.  This makes it possible for
    non-root users to use keactrl to monitor server status.
    (Trac #3954, git TBD)

comment:6 Changed 5 years ago by marcin

  • Owner changed from UnAssigned to marcin

comment:7 Changed 5 years ago by marcin

  • Owner changed from marcin to tmark

I have tested commit 84275678d0e72fa3dc3c707f6a678792ad432ebe and appears to work on my FreeBSD10.1 system. The unit tests also passed on OS-X.

This is ready to go! Thanks.

comment:8 Changed 5 years ago by tmark

  • Resolution set to fixed
  • Status changed from reviewing to closed
  • Total Hours changed from 0 to 4

Changes merged with git f7f22b244343a3dc2d06645a47c2c65a5134326e
Added ChangeLog entry 984.

Ticket is complete.

Note: See TracTickets for help on using tickets.