** Description changed: - killall in Precise is supposed to limit the number of arguments to 64, - but due to a fencepost error, 66 arguments will be blocked but 65 is - not. + [Impact] + + * killall with exactly 65 (33 in 32-bit environments) arguments can kill random processes + * this can be accidentially or even maliciously used to kill processes + * root casue is an off-by-one error + + [Test Case] + + * as seen in the bug description above, but please note that this triggers the bug only sometimes (1/3 of my tries) + ps xa | wc -l + for i in `seq 1 65`; do touch ~/tmp_tasks/test$i; done; + for i in `seq 1 65`; do echo ~/tmp_tasks/test$i; done | xargs killall + ps xa | wc -l + + [Regression Potential] + + * there should be no/minimal regression Potential + - the fix itself is minimal + - no solution (other than maybe exploits) should rely on this behaviour + + + [Original Report] + killall in Precise is supposed to limit the number of arguments to 64, but due to a fencepost error, 66 arguments will be blocked but 65 is not. With 65 arguments, the behavior varies, but in some cases will send a signal to random processes. # ps xa | wc -l 164 # mkdir ~/tmp_tasks/ # for i in `seq 1 65`; do touch ~/tmp_tasks/test$i; done; # for i in `seq 1 65`; do echo ~/tmp_tasks/test$i; done | xargs killall Connection to 198.18.88.176 closed by remote host. Connection to 198.18.88.176 closed. # ps xa | wc -l 126 This is fixed upstream and at the very least trusty works fine.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1507681 Title: killall with 65 arguments kills more than expected To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/psmisc/+bug/1507681/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs