Skip to content

Commit

Permalink
changing parker pdeathsig to KILL so to prevent possibility of leaking (
Browse files Browse the repository at this point in the history
  • Loading branch information
eriktate authored Nov 20, 2024
1 parent f99c657 commit cde2dc5
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/srv/reexec.go
Original file line number Diff line number Diff line change
Expand Up @@ -1282,7 +1282,7 @@ func (o *osWrapper) newParker(ctx context.Context, credential syscall.Credential
}

// Perform OS-specific tweaks to the command.
reexecCommandOSTweaks(cmd)
parkerCommandOSTweaks(cmd)

if err := cmd.Start(); err != nil {
return trace.Wrap(err)
Expand Down
11 changes: 11 additions & 0 deletions lib/srv/reexec_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,17 @@ func reexecCommandOSTweaks(cmd *exec.Cmd) {
}
}

// if we ever need to run parkers on macOS or other platforms with no PDEATHSIG
// we should rework the parker to block on a pipe so it can exit when its parent
// is terminated
func parkerCommandOSTweaks(cmd *exec.Cmd) {
reexecCommandOSTweaks(cmd)

// parker processes can leak if their PDEATHSIG is SIGQUIT, otherwise we
// could just use reexecCommandOSTweaks
cmd.SysProcAttr.Pdeathsig = syscall.SIGKILL
}

func userCommandOSTweaks(cmd *exec.Cmd) {
if cmd.SysProcAttr == nil {
cmd.SysProcAttr = new(syscall.SysProcAttr)
Expand Down
2 changes: 2 additions & 0 deletions lib/srv/reexec_other.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,8 @@ import (

func reexecCommandOSTweaks(cmd *exec.Cmd) {}

func parkerCommandOSTweaks(cmd *exec.Cmd) {}

func userCommandOSTweaks(cmd *exec.Cmd) {}

func setNeutralOOMScore() error { return nil }

0 comments on commit cde2dc5

Please sign in to comment.