Multithreaded app randomly quits as non-root

Multithreaded app randomly quits as non-root

Post by Daniel Barro » Fri, 11 May 2001 15:23:30



I'm developing an open source web content filter:
http://dansguardian.org/

Which uses a libary called nb++:
http://nbpp.sourceforge.net/

I've tried their mailing list and had no success with my problem.  Even the
library authors don't know the answer.

Basically, if I run my daemon in multithreaded mode with a pool of
processes /and/ I change the user from root to a lower privelage user such
as squid, it randomly quits.  If I run it fork threaded where it forks
upon an incomming connection it does not quit, ever.  If I run it multi-
threaded as root - it never has this random quitting problem.

I noticed that oops:
http://zipper.paco.net/~igor/oops.eng/

has comments in the code that due to linuxthreads design you can not call
setuid even when you call setuid before any thread creation.  So it does a
setgid then a seteuid instead.

I thought that may be the solution to the problem, but copying the oops
code for setting the user did not fix it.

So, the questions:

1. Does anyone have any more information about linux and linuxthreads and
this seteuid thing?

2. Does anyone know what the problem is or have any ideas?

3. Why would it quit randomly as say squid, but not as root?  Is the squid
user running out of ulimits?

4. After doing some research, there seems to be a problem with linuxthreads
and setuid and friends.  So is there anything wrong with me changing the
permissions on the executable binary so that the target user owns it and it
is chmod'ed u+s?  It seems to work, but is this good programming or is there
a neater/cleaner way?

Hey, if you have an idea and it turns out to lead to the solution - you'll
get a meantion on the developers page!

BTW, it's all written in C++ and runs on RH 6.2.  I don't think the problem
is a RH specific one.

Thanks!

--
Daniel Barron - use [at jadeb.com] for personal replys.

 
 
 

Multithreaded app randomly quits as non-root

Post by D. Stimit » Sat, 12 May 2001 07:58:26



> I'm developing an open source web content filter:
> http://dansguardian.org/

> Which uses a libary called nb++:
> http://nbpp.sourceforge.net/

> I've tried their mailing list and had no success with my problem.  Even the
> library authors don't know the answer.

> Basically, if I run my daemon in multithreaded mode with a pool of
> processes /and/ I change the user from root to a lower privelage user such
> as squid, it randomly quits.  If I run it fork threaded where it forks
> upon an incomming connection it does not quit, ever.  If I run it multi-
> threaded as root - it never has this random quitting problem.

> I noticed that oops:
> http://zipper.paco.net/~igor/oops.eng/

> has comments in the code that due to linuxthreads design you can not call
> setuid even when you call setuid before any thread creation.  So it does a
> setgid then a seteuid instead.

> I thought that may be the solution to the problem, but copying the oops
> code for setting the user did not fix it.

> So, the questions:

> 1. Does anyone have any more information about linux and linuxthreads and
> this seteuid thing?

> 2. Does anyone know what the problem is or have any ideas?

One thing that might be related is that any thread receiving a signal
that is not properly masked out or otherwise handled will cause
termination of the whole program. You may want to try masking out
signals from all threads except one, and then placing a signal handler
in that one thread that handles and announces whatever possible signals
there are...look for one you did not expect. If you find it and handle
it, you can do whatever you did before for signal handling. A typical
sample of a signal you might not have expected for networking is that
which occurs during a socket operation when there is a system call
interrupting it...EINTR. EINTR is not really an error, but does require
a retry of the socket function. I have *not* investigated, but possibly
changing from root to squid or other user implies a change that creates
a signal, e.g., EINTR under some locations in the code.


- Show quoted text -

Quote:

> 3. Why would it quit randomly as say squid, but not as root?  Is the squid
> user running out of ulimits?

> 4. After doing some research, there seems to be a problem with linuxthreads
> and setuid and friends.  So is there anything wrong with me changing the
> permissions on the executable binary so that the target user owns it and it
> is chmod'ed u+s?  It seems to work, but is this good programming or is there
> a neater/cleaner way?

> Hey, if you have an idea and it turns out to lead to the solution - you'll
> get a meantion on the developers page!

> BTW, it's all written in C++ and runs on RH 6.2.  I don't think the problem
> is a RH specific one.

> Thanks!

> --
> Daniel Barron - use [at jadeb.com] for personal replys.


 
 
 

Multithreaded app randomly quits as non-root

Post by Daniel Barro » Sun, 13 May 2001 19:46:52





[snip]
> > Basically, if I run my daemon in multithreaded mode with a pool of

(correction) threads as any user it randomly quits.  I've had it running for
as long as 5 days then the next 3 days crash several times a day.  So now
the thread name is wrong as well...

[snip]

> > 2. Does anyone know what the problem is or have any ideas?

> One thing that might be related is that any thread receiving a signal
> that is not properly masked out or otherwise handled will cause
> termination of the whole program. You may want to try masking out
> signals from all threads except one, and then placing a signal handler
> in that one thread that handles and announces whatever possible signals
> there are...look for one you did not expect. If you find it and handle
> it, you can do whatever you did before for signal handling. A typical
> sample of a signal you might not have expected for networking is that
> which occurs during a socket operation when there is a system call
> interrupting it...EINTR. EINTR is not really an error, but does require
> a retry of the socket function. I have *not* investigated, but possibly
[snip]


[snip]

Thanks very much for the answer.  Unfortunately I am only a newbie at
linux programming and so don't know how to do what you say.  I used nb++
to take away all the complex socket, multithreading, etc, code away from me.

However, I understand exactly what you mean.  At least I know that much.
I don't know how I would mask out signals to all threads except one.  Also,
I've tried puting in a signal handler to log signals to syslog, but it never
worked.  Nothing got logged.

I'll look into what you say in my linux programming book and try to do it.

Thanks again for your help.

--
Daniel Barron - use [at jadeb.com] for personal replys.

 
 
 

Multithreaded app randomly quits as non-root

Post by D. Stimit » Wed, 16 May 2001 00:49:27






> [snip]
> > > Basically, if I run my daemon in multithreaded mode with a pool of
> (correction) threads as any user it randomly quits.  I've had it running for
> as long as 5 days then the next 3 days crash several times a day.  So now
> the thread name is wrong as well...

> [snip]
> > > 2. Does anyone know what the problem is or have any ideas?

> > One thing that might be related is that any thread receiving a signal
> > that is not properly masked out or otherwise handled will cause
> > termination of the whole program. You may want to try masking out
> > signals from all threads except one, and then placing a signal handler
> > in that one thread that handles and announces whatever possible signals
> > there are...look for one you did not expect. If you find it and handle
> > it, you can do whatever you did before for signal handling. A typical
> > sample of a signal you might not have expected for networking is that
> > which occurs during a socket operation when there is a system call
> > interrupting it...EINTR. EINTR is not really an error, but does require
> > a retry of the socket function. I have *not* investigated, but possibly
> [snip]

> [snip]

> Thanks very much for the answer.  Unfortunately I am only a newbie at
> linux programming and so don't know how to do what you say.  I used nb++
> to take away all the complex socket, multithreading, etc, code away from me.

Many networking libraries deal with signals. If nb++ receives a signal,
and you are running something from this library inside of your own
thread, you'll likely run into a mysterious app crash.

Quote:

> However, I understand exactly what you mean.  At least I know that much.
> I don't know how I would mask out signals to all threads except one.  Also,
> I've tried puting in a signal handler to log signals to syslog, but it never
> worked.  Nothing got logged.

Check "pthread_sigmask". This should do what you want.


- Show quoted text -

Quote:

> I'll look into what you say in my linux programming book and try to do it.

> Thanks again for your help.

> --
> Daniel Barron - use [at jadeb.com] for personal replys.

 
 
 

Multithreaded app randomly quits as non-root

Post by Daniel Barro » Wed, 16 May 2001 07:28:14



[snip]

> > I've tried puting in a signal handler to log signals to syslog, but it never
> > worked.  Nothing got logged.

> Check "pthread_sigmask". This should do what you want.



Thanks.

--
Daniel Barron - use [at jadeb.com] for personal replys.

 
 
 

1. how to kill specific app processes by non-root app-admin

Hello -
  We have a need to kill processes belonging to a specific application, but
by an admin-type account ( say, appadm ) which is non-root.  The users in
this application group are something like "appusr, appxyz, and
appj001-appj100".

After a derived "list" of "shouldn't be active" candidates ( ps -ef | grep
"criteria" ),
we intended to use the "appadm" account to rsh as the candidate user (
appusr, appxyz, appj002, appj009, appj031, etc., ) and have that same user
kill all of it's own processes before exiting back to the appadm id.

Quite cumbersome, I know ... it seems like it should work except ... each of
the "user" accounts has a "startup" script, not the /bin/ksh, as its login
shell   such that the account is somewhat "captive" ... i.e., the users go
directly to the application.  As such,
we can't get to the command prompt to run the "killproc" script.

We want the "application" folks to take control and manage their application
and cleanup - so we don't want to use root to run those scripts.

Does anyone have better recommendations as to how to approach this?
Thanks, in advance, for your help and experience!

Yours Truly,

Don Barnick

2. Safe script to kill processes

3. run a non-root user's program from a non-root user

4. Upgrading and recompiling kernel - questions

5. How do I allow non-root apps to bind ports under 1024?

6. #9 Imagine 128s2 buffer question...

7. wierd problem with non-root BASH (0.96 root and boot)

8. Logging as root....bad idea?

9. root privileges through non-root process?

10. From Root to non-Root on the fly => HOW?

11. Digital UNIX, C2 -> change root password as non-root

12. KDE start times different for root and non-root.

13. RH8 - Problem w/non-root users starting root programs