Bug 234209 - regression: audit_warn(5) loops indefinitely if script /etc/security/audit_warn takes longer than 0.87s to execute
Summary: regression: audit_warn(5) loops indefinitely if script /etc/security/audit_wa...
Status: In Progress
Alias: None
Product: Base System
Classification: Unclassified
Component: misc (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: Conrad Meyer
URL: https://github.com/openbsm/openbsm/is...
Keywords: regression
Depends on:
Blocks:
 
Reported: 2018-12-20 13:35 UTC by Marie Helene Kvello-Aune
Modified: 2019-05-09 16:17 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marie Helene Kvello-Aune 2018-12-20 13:35:35 UTC
We've run into a problem where the audit_warn(5) script /etc/security/audit_warn is called endlessly in a loop if it takes longer than 0.87s to execute.

Reproduction steps:
echo "sleep 1" >> /etc/security/audit_warn
and restart/hup the appropriate services.
Comment 1 Marie Helene Kvello-Aune 2019-04-24 13:27:26 UTC
For information: This bug still exists with 12.0-RELEASE-p3 and 13-CURRENT r346594.

Complete reproduction example: (this will overwrite /etc/security/audit_warn)
at << EOF >/etc/security/audit_warn                                                                                                                      #!/bin/sh                                                                                                                                                   echo "audit warning: $@" | wall                                                                                                                             sleep 1                                                                                                                                                     EOF 

# audit -n

expected behaviour: For the script to be executed once
actual behaviour: script is repeatedly executed, seemingly forever.
Remove "sleep 1" from the above script and it's called exactly one.

Real-world case: actions performed by this script take more than 1s to do their thing, and end up being called repeatedly for the same message.
Comment 2 Marie Helene Kvello-Aune 2019-05-09 13:05:27 UTC
I've found the commit which introduced the bug, and created a ticket with OpenBSM upstream: https://github.com/openbsm/openbsm/issues/52
Comment 3 Conrad Meyer freebsd_committer 2019-05-09 16:17:17 UTC
I have proposed a solution on upstream Github, so I might as well take the FreeBSD PR.