Bug 219724 - www/fcgiwrap rc script no check for pid file at onerestart
Summary: www/fcgiwrap rc script no check for pid file at onerestart
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Matthew Seaman
URL:
Keywords: needs-patch, needs-qa
Depends on:
Blocks:
 
Reported: 2017-06-02 11:21 UTC by BB Lister
Modified: 2017-06-04 12:23 UTC (History)
2 users (show)

See Also:
koobs: merge-quarterly?

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description BB Lister 2017-06-02 11:21:05 UTC 
10.3-RELEASE-p18 FreeBSD 10.3-RELEASE-p18 #0: Tue Apr 11 10:31:00 UTC 2017     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

fcgiwrap-1.1.0_5 

The startup script /usr/local/etc/rc.d/fcgiwrap at the function

fcgiwrap_stop()


finds the pid file of the processed without checking if pidfile exists:

fcgiwrap_pgrp=$(/bin/ps -o ppid= $(cat ${pidfile}))

Thus when the pidfile does not exist (for example, at the startup if you issue
/usr/local/etc/rc.d/fcgiwrap onerestart  (and no pid file exist) then
we have an output that contains the PPID 1

like the following:

/bin/ps -o ppid= $(cat /var/run/fcgiwrap/fcgiwrap.pid) 

cat: /var/run/fcgiwrap/fcgiwrap.pid: No such file or directory 
72303 
    1 
71730 
72092 
    1 
    1 
    1 
  
and then using two lines after this a command  kill -TERM -- -${fcgiwrap_pgrp} 
terminates all these pids. 

But, PID 1 is the /sbin/init  and according to init(8) 
...init will signal the original (PID 1) init as follows: 
.... 
1            SIGTERM    Go to single-user mode 


So the fastcgiwrap sends SIGTERM to /sbin/init and then systems reverts to single user mode. 


The fix is to first check the existence of the file, like 

if [ -f  ${pidfile} ] ; then .... 




BB.
Comment 1 BB Lister 2017-06-02 15:49:43 UTC 

The bug is reproducable if you do:

rm /var/run/fcgiwrap/fcgiwrap.pid ; bash -x /usr/local/etc/rc.d/fcgiwrap onerestart
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-06-04 12:07:57 UTC 
A commit references this bug:

Author: matthew
Date: Sun Jun  4 12:07:34 UTC 2017
New revision: 442556
URL: https://svnweb.freebsd.org/changeset/ports/442556

Log:
  Avoid accidentally killing init or other important processes when
  running 'service fcgiwrap onestop' if /var/run/fcgiwrap/fcgiwrap.pid
  doesn't exist or contain the fcgiwrap PID.

  This prevents killing any processes in process groups 0 or 1 or in the
  caller's process group if the rc script cannot read the fcgiwrap
  pidfile.

  PR:		219724
  Submitted by:	bblister@gmail.com
  MFH:		2017Q2

Changes:
  head/www/fcgiwrap/Makefile
  head/www/fcgiwrap/files/fcgiwrap.in
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-06-04 12:23:10 UTC 
A commit references this bug:

Author: matthew
Date: Sun Jun  4 12:22:44 UTC 2017
New revision: 442557
URL: https://svnweb.freebsd.org/changeset/ports/442557

Log:
  MFH: r442556

  Avoid accidentally killing init or other important processes when
  running 'service fcgiwrap onestop' if /var/run/fcgiwrap/fcgiwrap.pid
  doesn't exist or contain the fcgiwrap PID.

  This prevents killing any processes in process groups 0 or 1 or in the
  caller's process group if the rc script cannot read the fcgiwrap
  pidfile.

  PR:		219724
  Submitted by:	bblister@gmail.com

  Approved by:	portmgr (implicit blanket: functionality fix)

Changes:
_U  branches/2017Q2/
  branches/2017Q2/www/fcgiwrap/Makefile
  branches/2017Q2/www/fcgiwrap/files/fcgiwrap.in
Comment 4 Matthew Seaman freebsd_committer freebsd_triage 2017-06-04 12:23:59 UTC 
Committed, thanks!