On 12/7/20 7:43 AM, Theo de Raadt wrote:
> We've put some work into making programs not damage their argv. If you provide a strong set of arguments to the programs you start, you may be able to pkill with a more fullsize pattern, increasing the accuracy.

AFAICS pflogd rewrites the command line. This is what I saw this morning for using symlinks:

{root@gate6a:etc 510} ps auxww | grep pflogd
root 8647 0.0 0.0 716 576 ?? IU 27Nov20 0:00.00 pflogd0: [priv] (pflogd)
_pflogd 44379 0.0 0.0 772 652 ?? Sp 27Nov20 0:19.26 pflogd0: [running] -s 160 -i pflog0 -f /var/log/pflog0 (pflogd)
root 23720 0.0 0.0 732 596 ?? IU 27Nov20 0:00.00 pflogd1: [priv] (pflogd)
_pflogd 22050 0.0 0.0 772 660 ?? Sp 27Nov20 0:22.99 pflogd1: [running] -s 160 -i pflog1 -f /var/log/pflog1 (pflogd)
root 52274 0.0 0.0 724 588 ?? IU 27Nov20 0:00.00 pflogd2: [priv] (pflogd)
_pflogd 26070 0.0 0.0 772 564 ?? Sp 27Nov20 0:15.02 pflogd2: [running] -s 160 -i pflog2 -f /var/log/pflog2 (pflogd)
root 10820 0.0 0.0 732 576 ?? IU 27Nov20 0:00.00 pflogd3: [priv] (pflogd)
_pflogd 75291 0.0 0.0 772 564 ?? Sp 27Nov20 0:14.70 pflogd3: [running] -s 160 -i pflog3 -f /var/log/pflog3 (pflogd)
root 87921 0.0 0.0 108 280 p0 R+/3 6:03AM 0:00.00 grep pflogd

newsyslog has to kill -HUP the processes owned by root. See that there is just "pflogd" possible as a search pattern for pkill? Using "pflogd3" as a search pattern didn't work, so I had to replace the symlinks by hard links to make "pflogd3" show up in the process table.

Surely I am not asking to drop pkill or pgrep. But an optional argument -p in pflogd shouldn't hurt. Nobody is forced to use it. (Not to mention that "pkill pflogd" would kill a process "pflogdsample" as well, so there is still a risk for killing the wrong process.)

About the PIDs: Maybe a sysctl like

kernel.pid_max = 4194303

known from other OSes could help to reduce the risk for PID conflicts. If you store the PID files on a volatile file system, so you can be sure they are gone on the next reboot, anyway.

Just a suggestion, of course. Please keep up your good work.

Regards
Harri
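
Added example, not part of the mail above: a small model of how the pattern choice decides which pflogd processes a signal would reach. It compares a bare name pattern (the pkill default), an exact name match (pkill -x), and an anchored match on the full title limited to one owner (pkill -f -U). The process-name column, the pflogdsample row, the select_pids helper and the assumption that -f sees the title as ps prints it are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample: owner, pid, process name, title as ps shows it.
# The pflogd rows follow the ps output quoted in the mail (symlink case,
# where every process name is "pflogd"); pflogdsample is made up.
SAMPLE='root 8647 pflogd pflogd0: [priv]
_pflogd 44379 pflogd pflogd0: [running] -s 160 -i pflog0 -f /var/log/pflog0
root 10820 pflogd pflogd3: [priv]
_pflogd 75291 pflogd pflogd3: [running] -s 160 -i pflog3 -f /var/log/pflog3
root 4242 pflogdsample pflogdsample -d'

# select_pids MODE PATTERN [OWNER]  (hypothetical helper, models pkill)
#   name  : regex searched anywhere in the process name (pkill default)
#   exact : regex must cover the whole process name     (pkill -x)
#   full  : regex searched in the full title            (pkill -f)
# OWNER, if given, keeps only processes of that user    (pkill -U)
select_pids() {
    printf '%s\n' "$SAMPLE" |
    MODE="$1" PAT="$2" OWNER="${3:-}" awk '
    {
        if (ENVIRON["OWNER"] != "" && $1 != ENVIRON["OWNER"]) next
        pat = ENVIRON["PAT"]; mode = ENVIRON["MODE"]; hit = 0
        title = $0
        sub(/^[^ ]+ [^ ]+ [^ ]+ /, "", title)   # drop owner, pid, name
        if (mode == "name")  hit = ($3 ~ pat)
        if (mode == "exact") hit = ($3 ~ ("^(" pat ")$"))
        if (mode == "full")  hit = (title ~ pat)
        if (hit) out = out (out == "" ? "" : " ") $2
    }
    END { print out }'
}

echo "name  pflogd   : $(select_pids name pflogd)"
echo "name  pflogd3  : $(select_pids name pflogd3)"
echo "exact pflogd   : $(select_pids exact pflogd)"
echo "full  pflogd3  : $(select_pids full '^pflogd3: \[priv\]' root)"
```
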