16 Commits

Author SHA1 Message Date
Chris Down
866abacf88 pgrep: Support matching on the presence of a userspace signal handler
In production we've had several incidents over the years where a process
has a signal handler registered for SIGHUP or one of the SIGUSR signals
which can be used to signal a request to reload configs, rotate log
files, and the like. While this may seem harmless enough, what we've
seen happen repeatedly is something like the following:

1. A process is using SIGHUP/SIGUSR[12] to request some
   application-handled state change -- reloading configs, rotating a log
   file, etc;
2. This kind of request is deprecated and removed, so the signal handler
   is removed. However, a site where the signal might be sent from is
   missed (often logrotate or a service manager);
3. Because the default disposition of these signals is terminal, sooner
   or later these applications are going to be sent SIGHUP or similar
   and end up unexpectedly killed.

I know for a fact that we're not the only organisation experiencing
this: in general, signal use is pretty tricky to reason about and safely
remove because of the fairly aggressive SIG_DFL behaviour for some
common signals, especially for SIGHUP which has a particularly ambiguous
meaning. Especially in a large, highly interconnected codebase,
reasoning about signal interactions between system configuration and
applications can be highly complex, and it's inevitable that on occasion
a callsite will be missed.

In some cases the right call to avoid this will be to migrate services
towards other forms of IPC for this purpose, but inevitably there will
be some services which must continue using signals, so we need a safe
way to support them.

This patch adds support for the -H/--require-handler flag, which matches
on processes with a userspace handler present for the signal being sent.

With this flag we can enforce that all SIGHUP reload cases and SIGUSR
equivalents use --require-handler. This effectively mitigates the case
we've seen time and time again where SIGHUP is used to rotate log files
or reload configs, but the sending site is mistakenly left present after
the removal of signal handler, resulting in unintended termination of
the process.

Signed-off-by: Chris Down <chris@chrisdown.name>
2023-01-15 04:05:40 +00:00
Craig Small
56db0bd32c build-sys: Update tests to new binary locations 2022-08-29 19:13:10 +10:00
Clay Baenziger
e516cf4a18 testsuite: pgrep: Provide test for matching a more than 4k command line; beware as TCL does not seem to match on strings >4k 2019-09-21 17:00:53 +10:00
Jan Rybar
9252a04eae pgrep: warning about 15+ chars name only if zero matches found
This avoids situations where longer regex which matches short-named proc
is used. Test for pgrep updated.

This is the newlib update of 5d12be1b7e8cc690a4d8778754aae5db4c07db2b
Signed-off-by: Craig Small <csmall@enc.com.au>
2017-01-26 16:52:23 +11:00
Craig Small
34d040a079 pgrep: add warning that pattern exceeeds 15 chars
Add a warning if you specify a command over 15 characters and don't
use the -f command.

This is a pick of two patches from master:
 24fd260 pgrep: Fix off by one error in line check
 4a7f9fc pgrep - adds warning that pattern exceeds 15 chars without

References:
 !25
2016-09-11 10:40:47 +10:00
Craig Small
420cd9c7c2 Create test process
For the test suite, procps used to use sleep which would just
create a process or two to test the tools against.  Some setups
coreutils creates all programs including sleep into one blob which
means a lot of the tests fail, see issue #2

procps has its own sleep program now.
2015-06-13 15:04:31 +10:00
Craig Small
34a1194af8 pgrep SID=1 is valid
On most systems the only process with a SID=1 is init
and certainly not a test sleep.  On docker systems this
test program IS on SID=1 and so our "impossible SID" becomes
possible.
2015-05-09 17:53:08 +10:00
Craig Small
4050148a45 Fix some sched and tty tests
The ps sched test has been disabled. There are too many
odd build farms this fails in strange ways.

Other odd build farms have no tty and so some tests check
for no tty and skip if not found.
2015-05-09 17:48:12 +10:00
Craig Small
cacba5613e Reliably kill test processes
It seems command -v also includes built-ins so checking for kill
is useless because it finds the built-in and those machines or
environments that have no /bin/kill fail at the check stage.
Oh and then TCL exec doesn't spawn a shell.

After reading way too many TCL websites, I believe this should
fix the problem. TCL quoting is... different to say the least but
it works reliably here. The script now even picked up a typo elsewhere
which was nice.

This change should stop the intermittent FTBFS bugs from the Debian
pbuilders, I hope! You'd think kill $var wouldn't be this difficult.
2014-07-01 18:51:21 +10:00
Craig Small
422a4a5e67 Skip some tests if kill cannot be found
Some Debian pbuilders error out on some of the tests because
they cannot find kill to kill the test processes. Now if we
cannot find kill we skip those lot of tests.

Still need to work out why the S390 doesn't like test_sched

References: http://bugs.debian.org/725743
2013-10-09 19:18:55 +11:00
Alfredo Esteban
f12277c74d Debian Bug report #526355
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526355

Flag -f doesn't modify output anymore.

There is a new flag -a to show full command line processes.

Signed-off-by: Alfredo Esteban <aedelatorre@gmail.com>
2012-08-29 16:47:51 +10:00
Gilles Espinasse
664eaaebc6 Run pgrep and pkill tests whithout host ps
When ps is not available (like it may happen in a chroot), pgrep.exp and pkill.exp tests fail.
Use just build ps instead.

Signed-off-by: Gilles Espinasse <g.esp@free.fr>
2012-06-28 21:53:22 +10:00
Craig Small
532dc9239d Updated testsuite files for new NLS output 2012-01-02 17:39:41 +11:00
Craig Small
f05e15e830 More testing added for procps 2011-11-30 23:11:35 +11:00
Craig Small
261a3fae83 fixed pgrep and added ps tests 2011-11-29 22:55:03 +11:00
Craig Small
5c48d8b79a rearranged testsuite 2011-11-27 18:32:10 +11:00