From e5a4123b4e1bb901b9ff495f0d4c4171915d7360 Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Fri, 20 Sep 2013 09:38:52 -0500
Subject: [PATCH] Kill raw input reader's child by process group.

This should help on systems where the default shell (e.g. dash on Ubuntu) fork-execs in order to run commands. In that case, we were just killing the shell and the shell would exit without killing the actual process corresponding to command that was requested. Setting a process group for the shell exec'd from Bro and killing by process group should help clean everything up since process group will be inherited by any procs that shell fork-execs.
---
 src/input/readers/Raw.cc | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/input/readers/Raw.cc b/src/input/readers/Raw.cc
index 64c29d632c..34408b79d2 100644
--- a/src/input/readers/Raw.cc
+++ b/src/input/readers/Raw.cc
@@ -73,15 +73,15 @@ void Raw::DoClose()
 if ( execute && childpid > 0 && kill(childpid, 0) == 0 )
 {
- // kill child process
- kill(childpid, SIGTERM);
+ // kill child process group
+ kill(-childpid, SIGTERM);
 if ( forcekill )
 {
 usleep(200); // 200 msecs should be enough for anyone ;)
 if ( kill(childpid, 0) == 0 ) // perhaps it is already gone
- kill(childpid, SIGKILL);
+ kill(-childpid, SIGKILL);
 }
 }
 }
@@ -146,6 +146,11 @@ bool Raw::Execute()
 else if ( childpid == 0 )
 {
 // we are the child.
+
+ // Obtain a process group w/ child's PID.
+ if ( setpgid(0, 0) == -1 )
+ _exit(251);
+
 close(pipes[stdout_in]);
 if ( dup2(pipes[stdout_out], stdout_fileno) == -1 )
 _exit(252);
@@ -180,6 +185,15 @@ bool Raw::Execute()
 else
 {
 // we are the parent
+
+ // Parent also sets child process group immediately to avoid a race.
+ if ( setpgid(childpid, childpid) == -1 )
+ {
+ char buf[256];
+ strerror_r(errno, buf, sizeof(buf));
+ Warning(Fmt("Could not set child process group: %s", buf));
+ }
+
 if ( ! UnlockForkMutex() )
 return false;
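Review bot: Both liveness probes in DoClose still test only the group leader (`kill(childpid, 0) == 0` in the outer condition and again before the SIGKILL), while the signals now go to the whole process group. If the shell has already exited and been reaped by then (reaping is not visible in this hunk), the probe fails and any surviving group members are never signalled, which is the situation this commit sets out to handle; probing the group with `kill(-childpid, 0) == 0` keeps the check and the target consistent. The context line `usleep(200)` sleeps 200 microseconds rather than the 200 msecs its comment states, so group members get very little time to act on SIGTERM before SIGKILL follows. DoClose begins above the hunk.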
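Review bot: The new `_exit(251)` puts a second bare exit status next to the existing `_exit(252)`, and nothing in the hunk says what either value means. This path runs before the pipe is attached to the child's stdout, so the exit status is presumably the only trace of a setpgid failure that the parent can observe. I would add a comment such as `// 251: setpgid failed, child could not get its own process group`, or give the statuses named constants. Raw::Execute starts and ends outside the hunk.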
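Review bot: `buf` is passed to `Fmt` without being initialised, and the return value of `strerror_r` is ignored. Where the GNU variant of `strerror_r` is in effect (glibc with _GNU_SOURCE, which g++ defines by default), the function returns a `char*` and may leave `buf` untouched, so `%s` would read uninitialised stack bytes with no guaranteed terminator and write them into the warning. Initialising the buffer and using whichever result the declared variant returns avoids that, as sketched below. Separately, `setpgid` in the parent fails with EACCES once the child has exec'd, by which point the child has presumably set its own group already, so that case probably should not warn. Raw::Execute starts and ends outside the hunk.

```cpp
// File-local helpers: select the message for either strerror_r variant.
static const char* strerror_msg(int rc, const char* buf)
	{ return rc == 0 ? buf : "unknown error"; }
static const char* strerror_msg(const char* msg, const char* /* buf */)
	{ return msg; }

// … unchanged: fork, child branch …

		if ( setpgid(childpid, childpid) == -1 && errno != EACCES )
			{
			char buf[256] = "";
			const char* msg = strerror_msg(strerror_r(errno, buf, sizeof(buf)), buf);
			Warning(Fmt("Could not set child process group: %s", msg));
			}
```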