From 063eca84e454028492b7034ff2e481d2065ccf87 Mon Sep 17 00:00:00 2001
From: deajan
Date: Wed, 31 May 2017 18:16:13 +0200
Subject: [PATCH] Backported fixes from v1.2x
---
 CHANGELOG.md | 6 +++-
 dev/ofunctions.sh | 80 +++++++++++++++++++++++++++---------------
 dev/tests/run_tests.sh | 6 +++-
 3 files changed, 61 insertions(+), 31 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0491f02..b1d7611 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,7 +7,11 @@ KNOWN ISSUES
 RECENT CHANGES
 --------------
-dd mmm YYYY: osync v1.1.6 released
+31 May 2017: osync v1.1.6 released
+- Backported v1.2.1 fixes
+ - Fixed bogus pgrep can lead to segfault 11 because of recursive KillChilds
+ - Fixed osync deletion not working on systems with ssh banner enabled
+ - Fixed low severity security issue where log and run files could be read by other users
 - SLEEP_TIME, SOFT_MAX_EXEC_TIME and HARD_MAX_EXEC_TIME can now be set as environment variables
 - Backported unit tests from v1.2-beta allowing to fix the following
 - HARD_MAX_EXEC_TIME wasn't enforced properly
diff --git a/dev/ofunctions.sh b/dev/ofunctions.sh
index 5a1ca53..5849fcb 100644
--- a/dev/ofunctions.sh
+++ b/dev/ofunctions.sh
@@ -1,4 +1,4 @@
-## FUNC_BUILD=2016071902-h
+## FUNC_BUILD=2016071902-i
 ## BEGIN Generic functions for osync & obackup written in 2013-2016 by Orsiris de Jong - http://www.netpower.fr - ozy@netpower.fr
 ## type -p does not work on platforms other than linux (bash). If if does not work, always assume output is not a zero exitcode
@@ -15,6 +15,9 @@ KEEP_LOGGING=1801
 ## Correct output of sort command (language agnostic sorting)
 export LC_ALL=C
+## Default umask for file creation
+umask 0077
+
 # Standard alert mail body
 MAIL_ALERT_MSG="Execution of $PROGRAM instance $INSTANCE_ID on $(date) has warnings/errors."
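Review bot: `umask 0077` at the top level of ofunctions.sh only applies to files created after this line runs, so log and run files left behind by an earlier version keep the mode they already had and stay readable by other users after an upgrade. The mask also applies to everything the sourcing script creates from then on, not just logs, which is presumably why run_tests.sh has to reset it to 0022 in this same commit. An explicit `chmod 600` where the log and run files are opened (that code is outside this hunk) would cover existing files too. At a minimum the comment could say so: `## Default umask for file creation (process-wide; does not change the mode of files that already exist)`.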
@@ -175,33 +178,52 @@ function QuickLogger {
 # Portable child (and grandchild) kill function tester under Linux, BSD and MacOS X
 function KillChilds {
- local pid="${1}"
- local self="${2:-false}"
+ local pid="${1}" # Parent pid to kill childs
+ local self="${2:-false}" # Should parent be killed too ?
- if children="$(pgrep -P "$pid")"; then
- for child in $children; do
- Logger "Launching KillChilds \"$child\" true" "DEBUG" #__WITH_PARANOIA_DEBUG
- KillChilds "$child" true
- done
- fi
+ # Paranoid checks, we can safely assume that $pid shouldn't be 0 nor 1
+ if [ $(IsNumeric "$pid") -eq 0 ] || [ "$pid" == "" ] || [ "$pid" == "0" ] || [ "$pid" == "1" ]; then
+ Logger "Bogus pid given [$pid]." "CRITICAL"
+ return 1
+ fi
- # Try to kill nicely, if not, wait 15 seconds to let Trap actions happen before killing
- if ( [ "$self" == true ] && eval $PROCESS_TEST_CMD > /dev/null 2>&1); then
- Logger "Sending SIGTERM to process [$pid]." "DEBUG"
- kill -s SIGTERM "$pid"
- if [ $? != 0 ]; then
- sleep 15
- Logger "Sending SIGTERM to process [$pid] failed." "DEBUG"
- kill -9 "$pid"
- if [ $? != 0 ]; then
- Logger "Sending SIGKILL to process [$pid] failed." "DEBUG"
- return 1
- fi
- fi
- return 0
- else
- return 0
- fi
+ if kill -0 "$pid" > /dev/null 2>&1; then
+ # Warning: pgrep is not native on cygwin, have this checked in CheckEnvironment
+ if children="$(pgrep -P "$pid")"; then
+ if [[ "$pid" == *"$children"* ]]; then
+ Logger "Bogus pgrep implementation." "CRITICAL"
+ children="${children/$pid/}"
+ fi
+ for child in $children; do
+ Logger "Launching KillChilds \"$child\" true" "DEBUG" #__WITH_PARANOIA_DEBUG
+ KillChilds "$child" true
+ done
+ fi
+ fi
+
+ # Try to kill nicely, if not, wait 15 seconds to let Trap actions happen before killing
+ if [ "$self" == true ]; then
+ # We need to check for pid again because it may have disappeared after recursive function call
+ if kill -0 "$pid" > /dev/null 2>&1; then
+ kill -s TERM "$pid"
+ Logger "Sent SIGTERM to process [$pid]." "DEBUG"
+ if [ $? != 0 ]; then
+ sleep 15
+ Logger "Sending SIGTERM to process [$pid] failed." "DEBUG"
+ kill -9 "$pid"
+ if [ $? != 0 ]; then
+ Logger "Sending SIGKILL to process [$pid] failed." "DEBUG"
+ return 1
+ fi # Simplify the return 0 logic here
+ else
+ return 0
+ fi
+ else
+ return 0
+ fi
+ else
+ return 0
+ fi
 }
 # osync/obackup/pmocr script specific mail alert function, use SendEmail function for generic mail sending
@@ -1207,9 +1229,9 @@ function PostInit {
 __CheckArguments 0 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
 # Define remote commands
- SSH_CMD="$(type -p ssh) $SSH_COMP -i $SSH_RSA_PRIVATE_KEY $SSH_OPTS $REMOTE_USER@$REMOTE_HOST -p $REMOTE_PORT"
- SCP_CMD="$(type -p scp) $SSH_COMP -i $SSH_RSA_PRIVATE_KEY -P $REMOTE_PORT"
- RSYNC_SSH_CMD="$(type -p ssh) $SSH_COMP -i $SSH_RSA_PRIVATE_KEY $SSH_OPTS -p $REMOTE_PORT"
+ SSH_CMD="$(type -p ssh) $SSH_COMP -q -i $SSH_RSA_PRIVATE_KEY $SSH_OPTS $REMOTE_USER@$REMOTE_HOST -p $REMOTE_PORT"
+ SCP_CMD="$(type -p scp) $SSH_COMP -q -i $SSH_RSA_PRIVATE_KEY -P $REMOTE_PORT"
+ RSYNC_SSH_CMD="$(type -p ssh) $SSH_COMP -q -i $SSH_RSA_PRIVATE_KEY $SSH_OPTS -p $REMOTE_PORT"
 }
 function InitLocalOSSettings {
diff --git a/dev/tests/run_tests.sh b/dev/tests/run_tests.sh
index 81d239f..1325877 100755
--- a/dev/tests/run_tests.sh
+++ b/dev/tests/run_tests.sh
@@ -7,7 +7,7 @@
 ## On CYGWIN / MSYS, ACL and extended attributes aren't supported
-# osync test suite 2016121202
+# osync test suite 2017053101
 # 4 tests:
 # quicklocal
@@ -191,6 +191,10 @@ function oneTimeSetUp () {
 START_TIME=$SECONDS
 source "$DEV_DIR/ofunctions.sh"
+
+ # Fix default umask because of ACL test that expects 0022 when creating test files
+ umask 0022
+
 GetLocalOS
 echo "Detected OS: $LOCAL_OS"
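Review bot: In KillChilds, the `if [ $? != 0 ]` that follows `Logger "Sent SIGTERM to process [$pid]." "DEBUG"` now tests Logger's exit status instead of the status of `kill -s TERM "$pid"`, so the 15-second wait and the `kill -9` fallback are skipped whenever the log call succeeds, even if the signal was never delivered. Testing the kill directly keeps the escalation path reachable: `if ! kill -s TERM "$pid"; then`, with the "Sent SIGTERM" log line moved into the `else` branch before `return 0`. Separately, `[[ "$pid" == *"$children"* ]]` asks whether the parent pid contains the pgrep output, which only catches pgrep returning the parent alone. It also logs CRITICAL for an unrelated single child whose digits occur inside the parent's pid (a constructed example: parent 1234, child 23). Comparing each `$child` with `$pid` inside the `for` loop and skipping equal values would be exact.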
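Review bot: The `-q` added to SSH_CMD, SCP_CMD and RSYNC_SSH_CMD in PostInit silences more than the login banner: quiet mode also suppresses most of ssh's own warnings and diagnostics, so connection and host-key problems may no longer show up in the osync log. `-o LogLevel=ERROR` should hide the banner as well while still letting errors through, though that is worth confirming on the oldest OpenSSH release the project supports. If `-q` stays, a comment above the three assignments would record the trade-off, for example `# -q hides the ssh banner that broke remote output parsing; it also hides ssh warnings`. PostInit's opening line is only visible in the hunk header.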
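Review bot: `umask 0022` in oneTimeSetUp, placed right after `source "$DEV_DIR/ofunctions.sh"`, puts the whole suite back on the old mask, so no test exercises the 0077 default that this commit introduces for the log and run file fix. Limiting the override to the ACL test (set 0022 before it creates its files, restore the previous mask afterwards) would keep the rest of the run on the shipped default. An assertion on the mode of a freshly created log file would then cover the security fix itself. oneTimeSetUp continues past the end of the hunk, so later setup steps may depend on the mask in ways not visible here.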