Re: Security flaw when killing a process?

J. Sean Connell (ankh@canuck.gen.nz)
Thu, 8 Aug 1996 19:39:24 +1200 (NZST)


On Wed, 7 Aug 1996, Stefan Reinauer wrote:

> Hello,
>
> Just one thing I noticed:
>
> I have a very bad CDROM drive that often refuses to work.
> When I try to mount the drive, the mount process hangs
> somewhere in executing kernel routines because the CD
> drive does not answer. It surely takes 20 minutes until
> Linux stops trying to mount the drive.
> During this time it's not possible to kill the mount
> process. Not even with a kill -9 PID.
>
> When I do a shutdown then, Linux shuts down with a mount
> timeout and necessarily does an fsck over all my hard disks
> when booting the next time.
>
> My question:
> It seems that a process can't be killed while executing
> system routines. Is this right/wrong?
> If this was changed, would it be a security flaw if someone
> could disturb the execution of system routines?
>
> Stefan.
>

If you looked at the process with ps or top while it was in this "stuck"
state, you would've seen something like this:

3545 ? D 0:20 mount

The "D" ^here means that the process is in "uninterruptible sleep";
that is, it's waiting for a system call to complete. During the time that
a process is inside a system call (i.e., it's inside the kernel), you
can't kill the process, primarily because there's no way for the system
call to know that a signal has been received (which is handled elsewhere
in the kernel) until the process re-crosses the boundary between "user
space" and "kernel space".

As for the security aspect, it wouldn't open up a security hole, since you
can only kill your own processes unless you're root. However,
interrupting a system call would be a Very Bad Idea(tm), and it could
leave the system in an unstable state. Imagine the fun if a process was
killed while the system was swapping pages back in (a prime chance to see
a process marked as D) :)

HTH

(Please bear in mind that I'm not much of a kernel hacker; this is
changing now because of the Linux/sun3 project! :)

--
J. Sean Connell               Systems Software Architect, ICONZ
ankh@canuck.gen.nz            "Oh life is a glorious cycle of song,
ankh@iconz.co.nz               a medley of extemporanea,
#include <stddisc.h>           And love is a thing that can never go wrong...
                               And I'm Queen Marie of Romania."
I *hate* Sun Type 4 kbs!         --Dorothy Parker
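An added example, not part of Sean's post: a small POSIX shell script that finds every task currently in the "D" state the way ps and top report it, by parsing /proc/PID/stat directly, and prints the kernel routine each one is sleeping in from /proc/PID/wchan. The sample stat line for PID 3545 is constructed to match the ps output quoted above (fields after the state are truncated); the function names are my own. It assumes a Linux /proc.

```shell
#!/bin/sh
# Added example (not from the original post): list tasks in uninterruptible
# sleep ("D") by reading /proc/PID/stat, and show where in the kernel each
# one is blocked via /proc/PID/wchan.

# stat_state LINE: print the one-letter state from a /proc/PID/stat line.
# The comm field is wrapped in parentheses and may itself contain spaces
# and parentheses, so the state is the first token after the LAST ") ".
stat_state() {
    printf '%s\n' "$1" | sed 's/^.*) //' | cut -d ' ' -f 1
}

# stat_comm LINE: print the command name between the first "(" and the
# last ")", tolerating parentheses inside the name.
stat_comm() {
    printf '%s\n' "$1" | sed 's/^[^(]*(//; s/)[^)]*$//'
}

# list_dstate: print "PID COMM WCHAN" for every task currently in state D.
# /proc/PID/wchan holds the kernel symbol the task sleeps in; it reads as
# "0" or is unreadable without permission, in which case "?" is printed.
list_dstate() {
    for dir in /proc/[0-9]*; do
        [ -r "$dir/stat" ] || continue
        IFS= read -r line < "$dir/stat" 2>/dev/null || continue
        [ "$(stat_state "$line")" = D ] || continue
        wchan=$(cat "$dir/wchan" 2>/dev/null || printf '?')
        printf '%s %s %s\n' "${dir#/proc/}" "$(stat_comm "$line")" "${wchan:-?}"
    done
}

# Constructed sample in /proc/PID/stat format matching the ps line in the
# post ("3545 ? D 0:20 mount"); a real line carries 50+ fields.
SAMPLE_STAT='3545 (mount) D 1 3545 3545 0 -1 4194560'

if [ "$(stat_state "$SAMPLE_STAT")" = D ]; then
    echo "sample pid 3545 ($(stat_comm "$SAMPLE_STAT")) is in uninterruptible sleep"
fi

list_dstate
```

Run it as root to get a meaningful wchan column; a mount stuck on a dead drive shows up with a block-layer or filesystem symbol there, which is the "kernel routine" the process is waiting in. One caveat for readers on current kernels: since Linux 2.6.25 some of these waits are TASK_KILLABLE, so a SIGKILL does reach them even though ps still reports the task as D.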