> On Aug. 23, 2016, 11:20 p.m., Stephan Erb wrote:
> > src/main/python/apache/thermos/core/helper.py, lines 104-109
> > <https://reviews.apache.org/r/51348/diff/1/?file=1482585#file1482585line104>
> >
> >     In the non-docker usecase, Thermos will by default run as uid 0 and 
> > setuid launched processes to the role user. 
> >     
> >     This means, we will always satisfy the `uid ==0` condition here. This 
> > will make the entire function `this_is_really_our_pid` useless, as we will 
> > now happily kill everything.
> >     
> >     To make this safe, we have to pass in the the uid that we where 
> > supposed to setuid to (i.e the role user in the default usecase). Only if 
> > this is `None`, we may enter the block you have added here.
> 
> Zameer Manji wrote:
>     `uid` is not the uid of thermos. `uid` comes from the `RunnerHeader` 
> struct that thermos uses. This header is created by the runner when it is 
> first launched and it is the `uid` of the desired role. See 
> `_initialize_ckpt_header` in `thermos/core/runner.py`.

Got it.


- Stephan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/51348/#review146574
-----------------------------------------------------------


On Aug. 23, 2016, 10:45 p.m., Zameer Manji wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/51348/
> -----------------------------------------------------------
> 
> (Updated Aug. 23, 2016, 10:45 p.m.)
> 
> 
> Review request for Aurora, Joshua Cohen and Stephan Erb.
> 
> 
> Bugs: AURORA-1753
>     https://issues.apache.org/jira/browse/AURORA-1753
> 
> 
> Repository: aurora
> 
> 
> Description
> -------
> 
> Previously this process killing heuristic would not allow killing of a process
> if the uid it was launched with differs from the real uid of the currently
> running process. The logic is too conservative because it doesn't factor in
> that a process launched as root can use `setuid(2)` to change it's real uid.
> 
> This patch fixes the heuristic by permitting killing of a process launched as
> root but the real uid is now not root.
> 
> 
> Diffs
> -----
> 
>   src/main/python/apache/thermos/core/helper.py 
> dda40ed71bf8d26255cdb76eae29a5978a120d41 
>   src/test/python/apache/thermos/core/test_helper.py 
> 35397abd3ec769788f166088e5455c28bb120459 
> 
> Diff: https://reviews.apache.org/r/51348/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Zameer Manji
> 
>

Reply via email to