[Pkg-sysvinit-devel] Bug#738855: initscripts: Skip killing root-owned process starting with @

Helmut Grohne helmut at subdivi.de
Thu Feb 13 21:18:19 UTC 2014


Control: retitle -1 initscripts: Skip killing root-owned process starting with @

On Thu, Feb 13, 2014 at 08:58:33PM +0000, Dimitri John Ledkov wrote:
> How about limiting it to processes running as root?
> 
> E.g. pgrep -u root -f "^@" ?
> 
> That way there is no loop-hole opened, since those processes could
> have written to /run/sendsigs.omit.d/ already.

I concur with this remedy. Can you update your patch or remove the patch
tag?

> Writing out a pidfile (and/or otherwise copying them around is ok) but
> it is Debian [derivative] specific as far as I can tell.
> Whereas the "@" convention is supported by a larger number of
> distributions and other init systems (e.g. systemd).
> ( http://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/ )
> Writing out a pid-file should be avoided, especially since that is
> optional across all init systems and undesirable for newer ones.
> Also, processes could be started off-root (e.g. initramfs) and/or
> otherwise not hold up unmounting root.
> Thus I find the "@" convention a useful and lightweight self-identification.

Thanks for pointing out the rationale and documentation. Did you notice
that the referenced documentation explicitly restricts the technique to
root-owned processes?

Thanks for not introducing a security issue. :)

Helmut
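
The following sketch is an added illustration, not part of the message above and not the initscripts patch under discussion. It shows the uid-0 restriction agreed on in the thread: only root-owned processes whose command line starts with "@" are turned into killall5-style `-o PID` omit arguments, while an unprivileged process using the same prefix gets no exemption. The function names and the process table are constructed for the example.

```shell
#!/bin/sh
# Added illustration; function names and sample data are hypothetical.

# Constructed process table in "PID UID ARGS" form, the shape produced by
# `ps -eo pid=,uid=,args=`.
sample_ps() {
cat <<'EOF'
    1     0 init [2]
  312     0 @nbd-client /dev/nbd0
  355  1000 @fake-storage-daemon --sleep
  401     0 /usr/sbin/sshd -D
  402     0 /bin/sh -c echo @notfirst
  417     0 @iscsid -f
EOF
}

# Print PIDs owned by uid 0 whose command line starts with "@".
# Mirrors the intent of `pgrep -u root -f "^@"` on "PID UID ARGS" input.
root_at_pids() {
    awk '$2 == 0 && substr($3, 1, 1) == "@" { print $1 }'
}

# Print PIDs that use the "@" prefix without being root-owned. These must
# stay killable: a non-root user cannot write to /run/sendsigs.omit.d/
# either, so honouring their "@" would grant a new exemption.
unprivileged_at_pids() {
    awk '$2 != 0 && substr($3, 1, 1) == "@" { print $1 }'
}

# Build the omit list as "-o PID -o PID ..." for killall5.
omit_args() {
    out=""
    for pid in $(root_at_pids); do
        out="${out:+$out }-o $pid"
    done
    printf '%s\n' "$out"
}

sample_ps | omit_args
```

PID 402 is not exempted because the "@" appears only in a later argument, and PID 355 is not exempted because it does not run as root.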


