killall unable to find privileged processes

Bug #1790732 reported by Lewis Hyatt
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| psmisc (Ubuntu) | Fix Released | Low | Unassigned | |
| Bionic | Triaged | Low | Unassigned | |

Bug Description

Hello-

In Ubuntu 18.04.1 LTS, we have psmisc version 23.1. In this version, the default for "killall" is to kill processes in the current namespace only, and this causes killall to attempt to read /proc/$pid/ns/pid for every process. If a process is privileged (setuid, or has capabilities granted), then /proc/$pid/ns is not readable and killall is not able to match this process. So e.g. "killall ping" fails to kill anything even if a ping is running. It seems that psmisc may have recognized this issue, as in 23.2 the default was changed back to killing in all namespaces and not trying to read the namespace information from /proc. In the meantime, killall requires the "-n 0" argument as a workaround.

This issue is pretty impactful, at least for us, as it requires finding all instances of killall and adding the extra argument... is it possible to get psmisc version upped to 23.2? Thanks...

-Lewis
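
The matching problem described in the report above, as an added example that is not part of the original report and is not psmisc code: it sorts processes with a given name by whether their `/proc/$pid/ns/pid` link is readable and equal to the caller's. The function names `ns_of` and `classify`, the optional proc-root argument, and the use of `readlink` as a stand-in for killall's own check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not psmisc code). Hypothetical helpers: ns_of, classify.

# ns_of PROC_ROOT PID
# Prints the pid-namespace link target, e.g. "pid:[4026531836]".
# Fails when the link cannot be read, which is what an unprivileged
# caller sees for a setuid or capability-bearing process.
ns_of() {
    readlink "$1/$2/ns/pid" 2>/dev/null
}

# classify NAME [PROC_ROOT] [SELF_PID]
# Prints one line per process whose comm equals NAME:
#   "<pid> same"        namespace readable and equal to the caller's
#   "<pid> other"       namespace readable but different
#   "<pid> unreadable"  namespace not readable; per the report, a
#                       namespace-restricted killall cannot match it
# Note: the kernel truncates comm to 15 characters.
# Usage on a live system: classify ping
classify() {
    name=$1
    root=${2:-/proc}
    self=${3:-$$}
    my_ns=$(ns_of "$root" "$self") || {
        echo "cannot read own pid namespace" >&2
        return 2
    }
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/comm" ] || continue
        pid=${dir##*/}
        [ "$(cat "$dir/comm" 2>/dev/null)" = "$name" ] || continue
        if ns=$(ns_of "$root" "$pid"); then
            if [ "$ns" = "$my_ns" ]; then
                echo "$pid same"
            else
                echo "$pid other"
            fi
        else
            echo "$pid unreadable"
        fi
    done
}
```

Run as the same unprivileged user that calls killall; any `unreadable` row for a process you expected to be signalled points at the behaviour reported here.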

Joshua Powers (powersj) wrote :

Hi and thanks for taking the time to file a bug.

It looks like this package is directly synced from Debian and it looks like we have the latest version from Debian. I went looking for the upstream repo and the latest version I saw was 23.1:

https://gitlab.com/psmisc/psmisc/tags

From where did you find a newer version?

Once that is known, a request can be made to the Debian maintainers to bump the version and Ubuntu can sync that version.

Changed in psmisc (Ubuntu):
status: New → Incomplete
Lewis Hyatt (lewishyatt) wrote :

Thanks for looking into this. I see the necessary fix referenced in the ChangeLog here: https://gitlab.com/psmisc/psmisc/blob/master/ChangeLog . But I'm afraid I don't have any more information beyond that, perhaps this version is not released yet, but maybe the Debian maintainers are aware of the timeline for that?

-Lewis

Christian Ehrhardt (paelzer) wrote :

Yeah this isn't released yet in Debian.
The actual change is https://gitlab.com/psmisc/psmisc/commit/38829585c4f5b67c8c2a8cbdf86761a72ace43f6

But it is not that this would be a fix, as you already said "-n 0" can help.
This just switches defaults.

And I doubt we would go ahead so late in the Cosmic release cycle.
While I can feel the pain you have with it (I really do), it is too late now.
And changing the default of something like this would have to be before Feature Freeze (which we passed for quite a while now).

Combining:
- users can get away with "-n 0" if they want
- huge regression risk as behavior changes (killing more by default)
=> I think this makes it non SRUable/Fixable in anything before 19.04

We will pick this up with our usual merge/sync early in 19.04 where other tools relying on the behavior can adapt to the change.

Lewis Hyatt (lewishyatt) wrote :

OK, thanks for the information, makes sense. We will work around with a /usr/local/bin wrapper for now. It's a bit unfortunate that the change made upstream for psmisc 23.2 will make the "-n 0" option illegal again, but it's workable for us like this.

Changed in psmisc (Ubuntu):
status: Incomplete → Triaged
importance: Undecided → Low
Andreas Hasenack (ahasenack) wrote :

Disco (19.04) has 23.2-1:
psmisc (23.2-1) unstable; urgency=medium

  * New upstream release
  * killall: look at all namespaces by default
(...)

Changed in psmisc (Ubuntu):
status: Triaged → Fix Released
Stefan Wutz (stefanwutz) wrote :

We have just started migrating our software stack from xenial to bionic. We ran into the problem where the command 'killall trafficcontroller' works on xenial but does not work on bionic. I found that this issue, https://gitlab.com/psmisc/psmisc/-/issues/23, is related to our problem and fixed in version 23.2.

The option "-n 0" works on bionic, but we need a solution which works for xenial and bionic at the moment.

Is it possible to backport a newer version of psmisc to bionic?

Lucas Kanashiro (lucaskanashiro) wrote :

Backporting a new upstream release to a stable release is not usually what we want (it might introduce new bugs). However, in this case we have a small patch which can be backported to the current version in Bionic. This seems to be what we need:

https://gitlab.com/psmisc/psmisc/-/commit/38829585c4f5b67c8c2a8c

But as discussed above, there is an easy workaround to "fix" this issue, so the priority for us is low. If you are willing to contribute to Ubuntu by preparing a patch to apply this upstream commit to Bionic, we could try to SRU (Stable Release Update) it.

Changed in psmisc (Ubuntu Bionic):
status: New → Triaged
importance: Undecided → Low