Bug 922851 - exec a script causes a fork bomb when receiving SIGTSTP
exec a script causes a fork bomb when receiving SIGTSTP
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ksh (Show other bugs)
6.4
x86_64 Linux
unspecified Severity unspecified
: rc
: ---
Assigned To: Michal Hlavinka
Martin Kyral
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-03-18 12:56 EDT by Dennis Kanbier
Modified: 2013-11-21 05:54 EST (History)
2 users (show)

See Also:
Fixed In Version: ksh-20120801-2.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-11-21 05:54:29 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dennis Kanbier 2013-03-18 12:56:06 EDT
Description of problem:

Calling a subshell within a script started by exec can cause the exec'ed script to call itself indefinitely, much like a fork bomb. 

Note: be careful with the test case, as it may make your system unstable.

Version-Release number of selected component (if applicable):

ksh-20100621-5.el5

How reproducible:

100% of the time

Steps to Reproduce:
1. Create an executable file "foo" with the following two strings:
$ cat /root/foo
vi /tmp/bar
# Comment needed to trigger the bomb

2. Start a KSH session and exec the foo script:
$ ksh
$ exec /root/foo

3. You are now in a VI session. Send the TSTP signal to VI using CTRL-Z, close VI using :q.
  
Actual results:

/root/foo spawns itself as a child until it hits the nproc limit and is unable to fork any more processes.

Expected results:

The VI session drops to the background and can be recalled using "fg".

Additional info:

Unable to reproduce using bash. Still reproduces using the updated KSH RPM's from bug https://bugzilla.redhat.com/show_bug.cgi?id=892206
Comment 1 Dennis Kanbier 2013-03-18 15:13:00 EDT
Some more information on how the processes look:

$ ps -ef --forest
root      4741     1  0 20:11 pts/0    00:00:00 /root/foo
root      4742  4741  0 20:11 pts/0    00:00:00  \_ /root/foo
root      4743  4742  0 20:11 pts/0    00:00:00      \_ /root/foo
root      4744  4743  0 20:11 pts/0    00:00:00          \_ /root/foo
root      4745  4744  0 20:11 pts/0    00:00:00              \_ /root/foo
...
Comment 2 Michal Hlavinka 2013-03-19 11:43:05 EDT
thanks for reporting
reproducible
Comment 3 Dennis Kanbier 2013-03-28 12:55:57 EDT
Reproduces in RHEL6 as well:

$ ksh --version
  version         sh (AT&T Research) 93t+ 2010-06-21
$ rpm -qa |grep ksh
ksh-20100621-19.el6.x86_64

On RHEL6 the script sometimes gives a Memory fault without spawning unlimited childs:

$ exec /root/foo
/root/foo: line 1: 0:
/root/foo: line 1: 2396: Memory fault
Comment 4 Michal Hlavinka 2013-04-30 10:31:09 EDT
There is already another ksh fork bomb bug reported for RHEL5 - bug #910923
Instead of closing this as a duplicate, I'll use it for tracking this bug in RHEL6
Comment 5 Dennis Kanbier 2013-05-01 04:29:14 EDT
I'm not authorized to see that bug, I guess that is why it missed the search. 

Any details on the bug (hunting) yet?
Comment 7 Michal Hlavinka 2013-05-10 07:55:50 EDT
(In reply to comment #5)
> Any details on the bug (hunting) yet?

We have patch ready for next update
Comment 12 errata-xmlrpc 2013-11-21 05:54:29 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1599.html

Note You need to log in before you can comment on or make changes to this bug.