Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check if PID file is empty before reading #1458

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Check if PID file is empty before reading #1458

wants to merge 1 commit into from

Conversation

aswatt
Copy link
Contributor

@aswatt aswatt commented Nov 10, 2021

If the PID cmdline file exists but is empty, then readlines() returns an empty list [], which will cause the cmdline[0] checks to fail saying "list index out of range". This verifies that the file both exists and has contents when doing this check, which should cover this edge case.

@aswatt aswatt requested a review from a team as a code owner November 10, 2021 01:05
@hestolz
Copy link
Contributor

hestolz commented Nov 17, 2021
edited
Loading

Can approve for sure but do we have any scenario where this would occur? also this method (checking /proc/pid/cmdline) is used in AMA/etc. as well, if possible please fix there as well. Thanks!

archoversight
archoversight suggested changes Dec 7, 2021
View reviewed changes
OmsAgent/omsagent.py
@@ -369,7 +369,7 @@ def stop_telemetry_process():
for pid in f.readlines():
# Verify the pid actually belongs to omsagent.
cmd_file = os.path.join("/proc", str(pid.strip("\n")), "cmdline")
if os.path.exists(cmd_file):
if os.path.exists(cmd_file) and (os.path.getsize(cmd_file) > 0):
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a time of check to time of use error waiting to happen.

Between this line and the next the PID may be gone, and the open below will fail. Instead the code should attempt to open the file unconditionally, and have a try/catch surrounding it for failure due to the PID not existing.

That solves one issue...

OmsAgent/omsagent.py
@@ -369,7 +369,7 @@ def stop_telemetry_process():
for pid in f.readlines():
# Verify the pid actually belongs to omsagent.
cmd_file = os.path.join("/proc", str(pid.strip("\n")), "cmdline")
if os.path.exists(cmd_file):
if os.path.exists(cmd_file) and (os.path.getsize(cmd_file) > 0):
with open(cmd_file, "r") as pidf:
cmdline = pidf.readlines()
if cmdline[0].find("omsagent.py") >= 0 and cmdline[0].find("-telemetry") >= 0:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here we start our next time of check to time of use issue...

We validate here that the command line includes omsagent.py and -telemetry...

then on line 377 we send the kill command.

Between the time opening the file, checking that it belongs to omsagent.py the omsagent could have already been stopped, and the PID re-used by another process. The kill command will at that point send a signal to an innocent process.

Instead this should likely be managed using systemd or some other service manager that can keep track of PID's using cgroups.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@archoversight archoversight archoversight requested changes

@abenbachir abenbachir Awaiting requested review from abenbachir

@Dmitry-Matveev Dmitry-Matveev Awaiting requested review from Dmitry-Matveev

@hestolz hestolz Awaiting requested review from hestolz

@simathih simathih Awaiting requested review from simathih

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aswatt @hestolz @archoversight