-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51348/#review146574
-----------------------------------------------------------




src/main/python/apache/thermos/core/helper.py (lines 104 - 109)
<https://reviews.apache.org/r/51348/#comment213078>

    In the non-docker usecase, Thermos will by default run as uid 0 and setuid 
launched processes to the role user. 
    
    This means, we will always satisfy the `uid ==0` condition here. This will 
make the entire function `this_is_really_our_pid` useless, as we will now 
happily kill everything.
    
    To make this safe, we have to pass in the the uid that we where supposed to 
setuid to (i.e the role user in the default usecase). Only if this is `None`, 
we may enter the block you have added here.


- Stephan Erb


On Aug. 23, 2016, 10:45 p.m., Zameer Manji wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/51348/
> -----------------------------------------------------------
> 
> (Updated Aug. 23, 2016, 10:45 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Stephan Erb.
> 
> 
> Bugs: AURORA-1753
>     https://issues.apache.org/jira/browse/AURORA-1753
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Previously this process killing heuristic would not allow killing of a process
> if the uid it was launched with differs from the real uid of the currently
> running process. The logic is too conservative because it doesn't factor in
> that a process launched as root can use `setuid(2)` to change it's real uid.
> 
> This patch fixes the heuristic by permitting killing of a process launched as
> root but the real uid is now not root.
> 
> 
> Diffs
> -----
> 
>   src/main/python/apache/thermos/core/helper.py 
> dda40ed71bf8d26255cdb76eae29a5978a120d41 
>   src/test/python/apache/thermos/core/test_helper.py 
> 35397abd3ec769788f166088e5455c28bb120459 
> 
> Diff: https://reviews.apache.org/r/51348/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Zameer Manji
> 
>

Reply via email to