[Bug 1637026] Re: kill incorrectly parses negative PIDs

Brian Murray brian at ubuntu.com
Thu Nov 3 19:43:04 UTC 2016 

Hello dann, or anyone else affected,

Accepted procps into xenial-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/procps/2:3.3.10-4ubuntu2.2 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Tags removed: verification-failed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to procps in Ubuntu.
https://bugs.launchpad.net/bugs/1637026

Title:
  kill incorrectly parses negative PIDs

Status in procps package in Ubuntu:
  Fix Released
Status in procps source package in Xenial:
  Fix Committed

Bug description:
  [Impact]
  When kill is called with a negative argument, incorrect parsing can lead it to call sys_kill(-1), thus sending a signal to all permitted processes on the system. A couple of users have hit this while deploying Hadoop, which seems to tickle this - basically killing everything on the system.

  [Test Case]
  Though I don't know what Hadoop is calling, here's a couple of ways to trigger this:

  One possibility is if kill were called w/ a numeric signal that
  happened to start with a '1' and while omitting the required <pid>
  argument:

  kill -12

  Another would be to specify a numeric signal (that again happened to
  start with a 1) multiple times:
  kill -13 -13 12345

  [Regression Risk]
  This is a backport from upstream that is already available in 16.10, with no known regressions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/procps/+bug/1637026/+subscriptions

More information about the foundations-bugs mailing list