[Pkg-net-snmp-devel] Bug#781257: snmp: preinst kills all processes of user snmp

Christian Seiler christian at iwakd.de
Thu Mar 26 14:39:52 UTC 2015


Package: snmp
Version: 5.7.2.1~dfsg-7
Severity: important

Dear Maintainers,

The preinst script of the 'snmp' (client tools) package contains the
following code (if 'install' or 'upgrade' is passed):

killall -u snmp 2>/dev/null || true

This was added here:
http://anonscm.debian.org/cgit/pkg-net-snmp/pkg-net-snmp.git/commit/debian/snmp.preinst?id=020a681ccee806a6adac6f4a1052132b0b21aad3

This, however, has some unfortunate problems (in ascending order of
importance):

1. This produces a lintian warning for precisely this reason:
https://lintian.debian.org/maintainer/pkg-net-snmp-devel@lists.alioth.debian.org.html#net-snmp

2. The snmp user is created by the 'snmpd' package, not by the 'snmp'
package, and there's no dependency between those packages, i.e. the
snmp user need not exist on systems with just 'snmp' installed.

3. Even worse, if installed on a system where snmpd is already running,
the preinst script will kill the running snmpd, without restarting it.
And since this is a simple SIGTERM, snmpd exits cleanly, making it
more unlikely that you notice that immediately.

4. Also, similar to the issue reported in #727105, this will kill any
processes running in containers that have the same numeric uid as snmp
on the host. In my case, this killed a cyrus instance running in a LXC
while I was just installing the (presumably harmless) snmp client tools
on the host, because the cyrus user inside the LXC had the same UID as
the snmp user outside.

5. And finally: why is this even done? I simply don't see the point of
doing this... The commit message in git doesn't describe the need for
this change, and I can't imagine any scenario for this: snmp contains a
bunch of client utilities and shouldn't have anything directly to do
with the SNMP server, so why start killing the server process and
subagents it started? Especially if the server isn't restarted in
postinst. I just don't get it.

The way I see it, it would probably be best to just revert this change.
But if for some reason in some corner case snmpd actually has to be
restarted when the snmp package is installed, then please do that with
invoke-rc.d (and also restart it in postinst) and not with killall -u.

Thank you for your consideration,
Christian

PS: Note that there's a bug open in Ubuntu for quite some time now
about the very same issue:
https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1245604

PPS: I was really tempted to report this as RC, but left it at
'important' for now.

-- System Information:
Debian Release: 8.0
   APT prefers testing
   APT policy: (500, 'testing'), (100, 'experimental'), (100, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages snmp depends on:
ii  libc6         2.19-15
ii  libsnmp-base  5.7.2.1~dfsg-7
ii  libsnmp30     5.7.2.1~dfsg-7
ii  libssl1.0.0   1.0.1k-1

Versions of packages snmp recommends:
ii  perl-modules  5.20.2-2

snmp suggests no packages.

-- no debconf information
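
Point 4 of the report, as an added example that is not part of the original message or of the net-snmp packaging: a read-only shell function that lists the processes a UID-wide kill would match and marks those living in a different PID namespace than the caller (such as an LXC guest). The function name, the labels and the optional proc-root and reference-PID arguments are assumptions of this example; reading another user's `ns/pid` link normally requires root.

```shell
#!/bin/sh
# Added example, not from the net-snmp packaging. Read-only: nothing is signalled.
# Lists processes whose real UID equals the given numeric UID and marks whether
# each shares the caller's PID namespace. A UID-wide kill on the host does not
# make that distinction, which is how a container process gets hit.
#
# usage:  procs_matching_uid UID [PROC_ROOT] [REFERENCE_PID]
# output: "<pid> <name> same-ns|other-ns|unknown-ns", one line per process
procs_matching_uid() {
    uid=$1
    root=${2:-/proc}      # hypothetical parameter: alternate proc tree, for testing
    ref=${3:-self}        # process whose PID namespace counts as "ours"
    own_ns=$(readlink "$root/$ref/ns/pid" 2>/dev/null) || own_ns=
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/status" ] || continue     # process exited or glob did not match
        # First value on the Uid: line is the real UID.
        puid=$(awk '$1 == "Uid:" { print $2; exit }' "$dir/status" 2>/dev/null) || continue
        [ "$puid" = "$uid" ] || continue
        name=$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null) || name=
        ns=$(readlink "$dir/ns/pid" 2>/dev/null) || ns=
        if [ -z "$ns" ] || [ -z "$own_ns" ]; then
            label=unknown-ns                 # link unreadable (not root) or missing
        elif [ "$ns" = "$own_ns" ]; then
            label=same-ns
        else
            label=other-ns                   # e.g. a process inside a container
        fi
        printf '%s %s %s\n' "${dir##*/}" "${name:-?}" "$label"
    done
    return 0
}

# Run only when called with arguments, e.g.:  sh check.sh "$(id -u snmp)"
# (id fails if the snmp user does not exist, as on a client-only system.)
if [ "$#" -gt 0 ]; then
    procs_matching_uid "$@"
fi
```

Any `other-ns` line is a process that belongs to a different PID namespace but would still be matched by a host-side kill keyed on the numeric UID.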


