--- Begin Message ---
unhide: Ignoring SIGCHLD gives false positives
Sun, 18 May 2008 12:34:23 +1200
Here's a problem that a Debian user has encountered with unhide reporting
too many hidden processes.
He attached a simple patch for it and it looks reasonable to me. Can you see
anything wrong with it? Is there any reason why I should avoid making that
You will find the patch and the strace output attached to this email.
----- Forwarded message from Johan Walles <[email protected]> -----
"unhide sys" works like this:
* Do a syscall on a PID.
* If that PID exists:
* Launch ps using popen()
* Verify that the PID is listed
* Close the popen()ed stream with pclose()
* pclose() implicitly calls wait() to make sure the ps process has finished.
However, since the main() function does signal(SIGCHLD, SIG_IGN), the wait()
call will just return ECHILD, regardless of whether ps has finished or not.
Then, the next syscall finds the ps process that is still alive. But before
launching the next ps process, the previous one dies. And we have a hidden
Since this is a race, it behaves erratically, but I sometimes get a list of
over 20 hidden processes this way. This got much more obvious after
upgrading from 2.6.22 to 2.6.24.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-686 (SMP w/2 CPU cores)
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
----- End forwarded message -----
Description: Text Data
Description: Text document
--- End Message ---