-
-
Notifications
You must be signed in to change notification settings - Fork 207
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
use_pty: after killing an SSH connection some application are still running #367
Comments
You always need to check for POLLHUP when polling input since it is possible to get POLLHUP without POLLIN also being set. This is different from select() where readfds is set for both input and EOF conditions. I'm curious why you would only see this with sudo and use_pty, though. Which version of sudo do you see this with? |
Hi @millert , thanks for your reply. I'll report the informations in our internal ticket. BTW, months ago I manage to ran many tests trying to reproduce the problem with more running sudo version 1.9.12p1 (same used by the customer). I can confirm that after:
The session is correctly killed. Enabling use_pty, tail is still running. I think is the behavior of use_pty after But, without use_pty if you kill the SSH connection (ALT+F4, directly) you can see 2 users connected; with use_pty the users are still 3.
I suspect that there are no many reports just because in that case Anyhow, maybe you can find this interesting: this situation happen also only if you do |
Hi @millert just checking: you had the time to take a look to my previous comment? Anything you wanna share? Thanks! |
When tail is running directly via sudo and the session is closed, sudo will receive SIGHUP from the kernel due to the tty going away, which it forwards to the command running in the other pty. So that is probably what is killing tail in the normal case. This also works when sudo runs the shell directly, for instance:
In this case, when the session is closed, sudo sends SIGHUP to bash which then kills the command. However, this doesn't seem to be the case with "sudo su -" and, at least on Ubuntu, I see the sudo process is still running after the session is closed, probably because it is waiting for the command to exit. |
Previously when crm_mon was running in console mode, if the attached pseudo-terminal got lost, crm_mon would persist in the background and raise the CPU usage to 100%. The situation triggers if `use_pty` is enabled for `sudo`, in which case it creates a separate pseudo-terminal device for its child process. A producer: - Enable `use_pty` by adding `Defaults use_pty` to /etc/sudoers - Open a console and execute: > sudo su - # crm_mon - Open another console, find the PID of crm_mon's bash parent and kill it: # kill -9 $(ps -C crm_mon -o ppid=) The pty device created by `sudo` from the first console is basically deleted, but crm_mon continues running in the background and raises the CPU usage. This commit fixes it by watching more conditions from stdin and exiting upon (G_IO_ERR | G_IO_HUP). The similar was reported and fixed for the `more` command: util-linux/util-linux#2635 util-linux/util-linux#2795 The `tail` command is also impacted but hasn't been fixed so far. There's the relevant discussion here: sudo-project/sudo#367
Previously when crm_mon was running in console mode, if the attached pseudo-terminal got lost, crm_mon would persist in the background and raise the CPU usage to 100%. The situation triggers if `use_pty` is enabled for `sudo`, in which case it creates a separate pseudo-terminal device for its child process. A producer: - Enable `use_pty` by adding `Defaults use_pty` to /etc/sudoers - Open a console and execute: > sudo su - # crm_mon - Open another console, find the PID of crm_mon's bash parent and kill it: # kill -9 $(ps -C crm_mon -o ppid=) The pty device created by `sudo` from the first console is basically deleted, but crm_mon continues running in the background and raises the CPU usage. This commit fixes it by watching more conditions from stdin and exiting upon (G_IO_ERR | G_IO_HUP). The similar was reported and fixed for the `more` command: util-linux/util-linux#2635 util-linux/util-linux#2795 The `tail` command is also impacted but hasn't been fixed so far. There's the relevant discussion here: sudo-project/sudo#367
Previously when crm_mon was running in console mode, if the attached pseudo-terminal got lost, crm_mon would persist in the background and raise the CPU usage to 100%. The situation triggers if `use_pty` is enabled for `sudo`, in which case it creates a separate pseudo-terminal device for its child process. A producer: - Enable `use_pty` by adding `Defaults use_pty` to /etc/sudoers - Open a console and execute: > sudo su - # crm_mon - Open another console, find the PID of crm_mon's bash parent and kill it: # kill -9 $(ps -C crm_mon -o ppid=) The pty device created by `sudo` from the first console is basically deleted, but crm_mon continues running in the background and raises the CPU usage. This commit fixes it by watching more conditions from stdin and exiting upon (G_IO_ERR | G_IO_HUP). The similar was reported and fixed for the `more` command: util-linux/util-linux#2635 util-linux/util-linux#2795 The `tail` command is also impacted but hasn't been fixed so far. There's the relevant discussion here: sudo-project/sudo#367 Fixes T16
Previously, we would simply close the pty leader in the main sudo process. This had the effect of revoking the pty, but the foreground process would not necessarily receive SIGHUP. By using TIOCNOTTY in the monitor, the running command has a better chance of getting SIGHUP. Once the monitor has revoked the pty, the main sudo process will close the pty leader, invalidating the pty. GitHub issue #367.
I just committed a change that should fix the problem of running "sudo su -" and then killing the session. Sudo will now try to revoke the terminal using the TIOCNOTTY ioctl before closing the pseudo-terminal. On Linux, this will cause the foreground process to receive SIGHUP, even if it is in a different process group that the original command (in this case su). In my testing that causes the |
Thank you for this change! I'll look tomorrow and I will try your patch. |
We don't need to revoke the terminal in the monitor, just signal the foreground process group. This is more portable and has the same effect as ioctl(TIOCNOTTY) would on Linux. Since we now signal the command from the monitor, there is no reason to forward SIGHUP from the kernel. GitHub issue #367.
Hi, sorry for my delay in respondig. I didn't received feedback from the support till now. Anyhow, thank you for the patch! It works in that scenario. Can be achived the same killing directly "su -"?
Then from another shell:
As you can see tail is still running. Thanks! |
I see the same behavior without sudo. For example: $ su - From another terminal: $ ps auxwwg | grep su $ sudo kill -9 1657018 This was on Ubuntu but I'd expect it to be similar on other distros. When running a command in a pty, sudo changes the controlling terminal to itself after the command exits before sending the exit status to the parent sudo process. This prevents the kernel from sending SIGHUP to commands spawned by the sudo-run command when This seems like the correct behavior to me. |
There's no need to send messages back and forth to the monitor when the main process can just do it. GitHub issue #367.
Yes, I don't know why I added sudo... Thanks for your reply, I'll look at your latest commit referenced here. |
BTW, I can confirm that this is exactly the issue. |
If you kill su with SIGKILL there is no way for it to forward the signal to the child process and no notification for the child that the parent has exited. Linux su will forward some signals, such as SIGTERM to the child, but SIGKILL is not catchable. |
I think we are free to close, if something else comes out I'll open another issue. Thank you for all your help, really appreciated! |
Few months ago we discovered a bug that can be reproduced using
Defaults use_pty
while connected to a machine using SSH.The bug was "more" related, and here you can find the report: more: exit if POLLHUP or POLLERR on stdin is received.
Now we are facing - more or less - the same problem but with
tail
. In short, you can reproduce the issue doing:Defaults use_pty
(that is now the default)sudo su -
tail -f /var/log/messages
You will see the
tail
still running after that. strace produced this output:and it never ends. Basically
tail
keep reading from the file.Considering that they are not the only tasks with a similar problem, can be this caused by
sudo
, specifically, the optionuse_pty
?The use of
KillUserProcesses=yes
is not an option.Thank you!
The text was updated successfully, but these errors were encountered: