[mosh-devel] [TOOL RELEASE] Killing Stale Mosh Sessions: Mosh Cleaner

Jann Horn jann at thejh.net
Mon Jan 27 10:58:15 EST 2014


On Mon, Jan 27, 2014 at 03:33:09PM +0100, Jason A. Donenfeld wrote:
> Hey folks,
> 
> Frequently, my server's "pinky" or "finger" output fills up with stale
> sessions from users. I've written a little cronjob tool to help clean
> these up:
> 
>    http://git.zx2c4.com/mosh-cleaner/about/
>    http://git.zx2c4.com/mosh-cleaner/tree/clean-mosh.c
[...]
> Thoughts? Suggestions?

Cool idea!

One problem I can see: You're doing setegid and seteuid to prevent a race causing
you to kill the process of the wrong user, right? Well, have a look at the kill(2)
manpage: "[...]to have permission[...] or the real or effective user ID of the
sending process must equal the real or saved set-user-ID of the target process".
Looks like you're changing exactly the wrong UID and this should be
"setresuid(sbuf.st_uid, sbuf.st_uid, -1)" instead?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
Url : http://mailman.mit.edu/pipermail/mosh-devel/attachments/20140127/1fb50d91/attachment.bin


More information about the mosh-devel mailing list