How to tell who sent KILL signal - Sun Solaris

  1. #1

    Hi - We're seeing a problem where when we start one application (happens to
    be a sieve implementation) and it starts handling mail, another unrelated
    (mostly) application (happens to be imap server, but sieve is talking to
    lmtp server not imap) gets a SIGKILL delivered to it. Supposedly a truss
    shows the KILL being delivered to the one process but not being sent from
    the first. Any thoughts about how we can determine who or what is sending
    the KILL signal into the unrelated process? Chris


    Chris Guest

  2. #2

    "Chris Markle" <com> writes:
     

    AFAIK, that is not possible.

    The kernel would need to keep a list of signaling pid
    (imagine: while true ; do kill -KILL $PID & done )

    In addition, some signals and in particular SIGKILL can be sent by the
    kernel itself. (What about a killing PID = 0 ?)

    --
    __Pascal_Bourguignon__
    http://www.informatimago.com/
    Do not adjust your mind, there is a fault in reality.
    Pascal Guest

  3. #3

    >
    > AFAIK, that is not possible.
    >
    > The kernel would need to keep a list of signaling pid
    > (imagine: while true ; do kill -KILL $PID & done )
    >
    > In addition, some signals and in particular SIGKILL can be sent by the
    > kernel itself. (What about a killing PID = 0 ?)
    Use sigaction(2). In struct sigaction there is a member
    void (*sa_sigaction)(int, siginfo_t *, void *);
    set that to your handler. Note the siginfo_t * which is defined as

    typedef struct siginfo {
        int si_signo;
        int si_errno;
        int si_code;

        union {
            int _pad[SI_PAD_SIZE];

            /* kill() */
            struct {
                pid_t _pid; /* sender's pid */
                uid_t _uid; /* sender's uid */
            } _kill;

            /* POSIX.1b timers */
            struct {
                unsigned int _timer1;
                unsigned int _timer2;
            } _timer;

            /* POSIX.1b signals */
            struct {
                pid_t _pid; /* sender's pid */
                uid_t _uid; /* sender's uid */
                sigval_t _sigval;
            } _rt;

            /* SIGCHLD */
            struct {
                pid_t _pid; /* which child */
                uid_t _uid; /* sender's uid */
                int _status; /* exit code */
                clock_t _utime;
                clock_t _stime;
            } _sigchld;

            /* SIGILL, SIGFPE, SIGSEGV, SIGBUS */
            struct {
                void *_addr; /* faulting insn/memory ref. */
            } _sigfault;

            /* SIGPOLL */
            struct {
                int _band; /* POLL_IN, POLL_OUT, POLL_MSG */
                int _fd;
            } _sigpoll;
        } _sifields;
    } siginfo_t;

    You should be able to get the pid and uid from whoever sent you a signal.
    I really don't know how portable this is, but it works on my redhat machine.

    Nils Guest
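
The sigaction(2) approach from the post above, written out as an added example that is not part of the original thread. It records the sender's pid and uid for a catchable signal (SIGTERM) and shows that the same handler cannot be installed for SIGKILL, which is the case the thread asks about. The function and variable names are chosen for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Sender details recorded by the handler (demo state for this example). */
static volatile sig_atomic_t got_signal;
static volatile pid_t sender_pid;
static volatile uid_t sender_uid;
static volatile int sender_code;

/* Three-argument handler: the kernel fills in siginfo_t. */
static void on_signal(int signo, siginfo_t *info, void *ctx) {
    (void)ctx;
    sender_pid = info->si_pid;   /* meaningful for SI_USER / SI_QUEUE */
    sender_uid = info->si_uid;
    sender_code = info->si_code; /* SI_USER means kill(2) from a process */
    got_signal = signo;
}

/* Install on_signal for signo; returns 0, or -1 with errno set. */
int watch_signal(int signo) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_signal;
    sa.sa_flags = SA_SIGINFO;    /* select sa_sigaction over sa_handler */
    return sigaction(signo, &sa, NULL);
}

/* Send ourselves SIGTERM with kill(2); return the sender pid reported. */
pid_t sender_of_self_sigterm(void) {
    got_signal = 0;
    if (watch_signal(SIGTERM) != 0 || kill(getpid(), SIGTERM) != 0)
        return (pid_t)-1;
    return got_signal == SIGTERM ? sender_pid : (pid_t)-1;
}

/* SIGKILL cannot be caught: return the errno from trying (0 if it worked). */
int try_watch_sigkill(void) {
    return watch_signal(SIGKILL) == -1 ? errno : 0;
}

int main(void) {
    printf("SIGTERM sent by pid %ld\n", (long)sender_of_self_sigterm());
    printf("handler for SIGKILL: %s\n", strerror(try_watch_sigkill()));
    return 0;
}
```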


  6. #6

    In comp.unix.solaris Chris Markle <com> wrote: 

    Given that it's a KILL you can't do anything in the application which is
    getting hit with the signal. The only options are:
    * truss any processes which you think might be sending it, and see if they
    do (keep in mind that only processes running as root or the same user can
    do it).
    * Enable BSM Auditing, and audit on the kill system call. See
    http://www.sun.com/blueprints/online.html for details on how to do this.

    Scott
    Scott Guest

  7. #7

    Scott,
     

    Can you give me a more precise URL to check out? I went to this one and
    didn't really see anything exactly like you noted.

    Chris


    Chris Guest

  8. #8

    In comp.unix.solaris Chris Markle <com> wrote: 
    >
    > Can you give me a more precise URL to check out? I went to this one and
    > didn't really see anything exactly like you noted.

    Go to that URL, click on "Archives by Subject" in the top left, then look
    for "Auditing in the Solaris 8 Operating Environment"

    Scott
    Scott Guest
