Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Failed Kills

by aijin (Monk)
on Oct 19, 2001 at 19:12 UTC ( #120017=perlquestion: print w/ replies, xml ) Need Help??
aijin has asked for the wisdom of the Perl Monks concerning the following question:

I'm writing cgi's to interface with a server I recently wrote. Everything was going just spiffy until I tried to add the functionality to kill a forked process.

kill 9, $pid doesn't work. I checked $pid and it's the correct PID.

I checked the permissions. Both the cgi and the server are owned by root.

The forked processes aren't stuck on an I/O call, and I can kill them just fine from the shell. I can't kill them from the cgi.

Suggestions are most appreciated!

-aijin

Comment on Failed Kills
Select or Download Code
Re: Failed Kills
by clintp (Curate) on Oct 19, 2001 at 19:25 UTC
    For one, your kill statement is incomplete. kill() has a return value. It also sets $!. Use them:
    kill 15, $pid or warn "Can't kill $pid: $!";
    This will let you know what the problem is.
Re: Failed Kills
by Zecho (Hermit) on Oct 19, 2001 at 21:04 UTC
    actually for one, on a linux box, it would be

    kill -9 $pid

    that is assuming you are calling the system's kill function and not a sub.
    kill 9 $pid will attempt to literally kill pid 9 and not kill $pid with a signal of 9

    Update: as I find by doing the research, perlfunc:kill and perlman:perlipc show that my suggestion sucked, using kill with -9 actually works contrary to the shell command, and kills the process group.

    hmmm, now I know there's a kill() function.
Re: Failed Kills
by traveler (Parson) on Oct 19, 2001 at 21:38 UTC
    I checked the permissions. Both the cgi and the server are owned by root.

    While the CGI may be owned by root, it is likely being run by a web server. That web server is hopefully not running as root. It is probably being run under a UID dedicated to the web server. In *NIX systems, if the server is running with permissions of a particular user (e.g. serveruser or root) only that user or root can send a signal to the process.

    You don't want a set-uid CGI due to possible security issues so one approach may be to have the cgi execute a set-uid program that kills the server. If there are other users on the machine that shouldn't execute the script, then you may need to use a tool like sudo to control access to your killing program.

    HTH, --traveler

    BTW, don't kill with signal 9 unless absoulutely necessary as it cannot be caught or ignored (that is, it cannot be processed by the program). Use kill 15, $pid or  kill 'TERM', $pid instead. Also -sig kills a process group in perl, but in the shell you need the - so the program can differentiate the signal number from a process-id (PID).

Re: Failed Kills
by fokat (Deacon) on Oct 19, 2001 at 21:43 UTC
    In order for a process to kill() (as in send a signal to) another, one of the two conditions must hold:

    • The process issuing the kill() call must be running as root.

    • The process issuing the kill() call is running under the same uid as the target of the call.

    Normally, your web server will be running under a non-root uid for security reasons.

    Insure that the server you're running is indeed using the same uid as your web server. Looking at the result code of the kill() call should help you pinpoint this particular condition.

    You must be careful when dealing with this kind of scenario. You specifically want to avoid running the cgi script suid to root for similar security reasons. Perhaps running it suid to the uid of your server might be acceptable, but be sure to check with your local sysadmins first.

    Good luck.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://120017]
Approved by root
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (5)
As of 2014-12-26 03:10 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (164 votes), past polls