Can pkill guarantee the following situation never happens:

  1. I use `pkill -f "abc"`

  2. pkill finds process by name and remembers pid

  3. process ends

  4. Linux starts a new process with the same pid

  5. pkill kills the process started at step 4

Sam Hartman
Don Per In
  • Welcome to Stack Overflow! SO is for programming questions, not questions about using or configuring Linux. SuperUser.com or unix.stackexchange.com would be better places for questions like this. – Barmar Sep 28 '17 at 17:22
  • No, I don't think `pkill` can make that guarantee. Unix doesn't have any locking mechanism to support making the PID lookup and kill atomic. – Barmar Sep 28 '17 at 17:23
  • It's mainly depending on the fact that PIDs practically never get reused so quickly. – Barmar Sep 28 '17 at 17:23
  • PIDs are assigned sequentially, so it won't reuse the PID until it wraps around through all available PIDs. – Barmar Sep 28 '17 at 17:24
  • @Barmar e.g. on Solaris, PIDs are distributed randomly, and we can never be sure :( Also, we may have a high-load system with rapid creation/completion of processes – Don Per In Sep 28 '17 at 17:28
  • This is part of why it's wise to use advisory locking, not pidfiles, if one wants guarantees. Though it's hard to avoid *very short* races even then. – Charles Duffy Sep 28 '17 at 17:36
  • @Barmar I think this is on-topic for SO, because such races tend to be far more of an issue when you are using something like pkill programmatically than when you're using it as a sysadmin. Your comments about Solaris are interesting, but note that the question is tagged as linux. – Sam Hartman Sep 28 '17 at 17:37
  • @SamHartman, that comment (about Solaris) was made by the OP, not by Barmar. – Charles Duffy Sep 28 '17 at 17:37
  • [Discussion of operating systems that randomize PIDs](https://security.stackexchange.com/questions/88692/do-randomized-pids-bring-more-security). – Kenster Sep 28 '17 at 17:48

1 Answer

Pids do wrap and do eventually get reused. However, pids assigned to recently running processes are not soon reused. So, in practice the problem you're worried about never happens. It is theoretically possible as far as I can tell. However, that would mean that

  • pkill was running slow enough that a whole bunch of new process IDs could get allocated between finding the process and killing it
  • the rest of the system was running fast enough to create all those processes and get to a point where the recently used pid was freed.
  • As pointed out in comments, either you are root or the process is running as the same user

It's possible there is some way of attacking pkill so it's that slow, but such an attack would almost certainly be a kernel bug. I've never been in a situation where worrying about this problem was the right design decision.

Sam Hartman
  • And unless you're running `pkill` as root, the PID would also have to be reused by a process running under the same userid. – Barmar Sep 28 '17 at 17:27
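
One way to close the lookup-then-kill window discussed in this thread, as an added example that is not part of the original posts: pin each candidate with a pidfd, re-check its command line, then signal through the descriptor. It assumes Linux 5.3+ and Python 3.9+; the function names and the marker pattern are illustrative, and the matching only approximates `pkill -f`.

```python
import os
import re
import signal

def cmdline_matches(raw: bytes, pattern: str) -> bool:
    """Approximate `pkill -f`: regex search over argv joined by spaces."""
    argv = raw.rstrip(b"\0").split(b"\0")
    text = b" ".join(argv).decode(errors="replace")
    return bool(raw) and re.search(pattern, text) is not None

def read_cmdline(pid: int) -> bytes:
    try:
        with open(f"/proc/{pid}/cmdline", "rb") as f:
            return f.read()
    except OSError:  # already gone, or /proc entry not readable
        return b""

def kill_if_still_matching(pid: int, pattern: str, sig=signal.SIGTERM) -> bool:
    """Signal pid only if the process pinned by the pidfd matches pattern."""
    try:
        fd = os.pidfd_open(pid)  # refers to this process, not to the number
    except ProcessLookupError:
        return False  # exited between the /proc scan and now
    try:
        # Re-check AFTER pinning. A PID recycled before pidfd_open is judged
        # on its own command line here; a PID recycled afterwards cannot be
        # hit, because the fd still names the old process and the send
        # raises ESRCH.
        if not cmdline_matches(read_cmdline(pid), pattern):
            return False
        signal.pidfd_send_signal(fd, sig)
        return True
    except (ProcessLookupError, PermissionError):
        return False
    finally:
        os.close(fd)

def pkill_f(pattern: str, sig=signal.SIGTERM) -> list[int]:
    """Scan /proc like `pkill -f`, but deliver signals through pidfds."""
    me = os.getpid()
    pids = [int(d) for d in os.listdir("/proc") if d.isdigit()]
    return [p for p in pids if p != me and kill_if_still_matching(p, pattern, sig)]

if __name__ == "__main__":
    print(pkill_f("pidfd-demo-marker"))  # constructed pattern; matches nothing
```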