2820 fix hanging child process #2824

mssalvatore · 2023-01-12T00:44:54Z

What does this PR do?

Fixes #2820

PR Checklist

Have you added an explanation of what your changes do and why you'd like to include them?
Is the TravisCI build passing?
Was the CHANGELOG.md updated to reflect the changes?
~~Was the documentation framework updated to reflect the changes?~~
[x} Have you checked that you haven't introduced any duplicate code?

Testing Checklist

~~Added relevant unit tests~~?
Have you successfully tested your changes locally? Elaborate:

Tested by running ETE tests
Tested by running unit tests
~~If applicable, add screenshots or log transcripts of the feature working~~

codecov · 2023-01-12T00:49:51Z

Codecov Report

Base: 64.45% // Head: 64.78% // Increases project coverage by +0.32% 🎉

Coverage data is based on head (409a77f) compared to base (34a8dfa).
Patch has no changes to coverable lines.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #2824      +/-   ##
===========================================
+ Coverage    64.45%   64.78%   +0.32%     
===========================================
  Files          413      413              
  Lines        11737    11752      +15     
===========================================
+ Hits          7565     7613      +48     
+ Misses        4172     4139      -33

Impacted Files	Coverage Δ
monkey/monkey/infection_monkey/main.py	`0.00% <0.00%> (ø)`
monkey/monkey/infection_monkey/monkey.py	`0.00% <0.00%> (ø)`
...tion_monkey/exploit/log4shell_utils/ldap_server.py	`93.13% <0.00%> (+40.91%)`	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

Sometimes, the manager and agent processes are hanging instead of shutting down. This commit explicitly calls shutdown() on the manager object to ensure it terminates.

The SystemSingleton uses an abstract unix socket as a "lock" to ensure only one agent at a time runs on a given machine. It seems that if a manager process is spawned after this unix socket is created, the manager process inherits this file handle, which leads to the socket never being properly closed. Spawning the manager before the socket is opened is a quick solution to this problem. A better solution (see #2817) is to use a different method than a unix socket to achieve this goal, but, baby steps for now.

Just because the Twisted reactor failed to start doesn't mean that the server process is not running. The server process should be stopped before raising the LDAPServerStartError, otherwise the server or process may be left running indefinitely. Fixes #2820

Using Twisted for the Log4Shell exploiter has been nothing but trouble since the beginning. When we refactor this exploiter we should use another solution. In the meanwhile, we must be doing something wrong WRT stopping Twisted. The heavy-handed approach is to SIGKILL the process. This isn't ideal, but will be changed when we refactor this component. Issue #2820

monkey/infection_monkey/exploit/log4shell_utils/ldap_server.py

Forked processes will inherit all resources from the parent process. This includes the socket we use for ensuring only a single agent is running at any given time. Additionaly, threads will also be inherited by the forked process, which could cause problems. Using a spawn context should fix our singleton issue, and give the process a cleaner environment in which to run. Issue #2820

mssalvatore force-pushed the 2820-fix-hanging-child-process branch from 66ced46 to 0b20018 Compare January 12, 2023 01:25

mssalvatore marked this pull request as draft January 12, 2023 02:30

mssalvatore force-pushed the 2820-fix-hanging-child-process branch from 0b20018 to 48a7d39 Compare January 12, 2023 12:55

mssalvatore and others added 12 commits January 13, 2023 13:09

Agent: Shutdown the SyncManager explicitly

fd5c6dc

Sometimes, the manager and agent processes are hanging instead of shutting down. This commit explicitly calls shutdown() on the manager object to ensure it terminates.

Agent: Log singleton assertion errors

d7ee338

Agent: Add debug log just before stopping the QueueListener

88d353d

Agent: Give LDAP server process a name

3cf68bd

Agent: Add thread name and random component to LDAP server process name

f33384c

Changelog: Add an entry for #2820

38c5bcf

Agent: Fix timeout type hint in LDAPExploitServer.stop()

13202ef

Agent: Fix stop() call for uninitialized ldap server process

1329758

Agent: Add debug logging to LDAPExploitServer._run_twisted_reactor()

efacb05

cakekoa force-pushed the 2820-fix-hanging-child-process branch from d3e4dab to 4bacb7b Compare January 13, 2023 13:35

mssalvatore marked this pull request as ready for review January 13, 2023 17:24

mssalvatore commented Jan 13, 2023

View reviewed changes

monkey/infection_monkey/exploit/log4shell_utils/ldap_server.py Outdated Show resolved Hide resolved

cakekoa force-pushed the 2820-fix-hanging-child-process branch from eb3b77a to 409a77f Compare January 13, 2023 18:01

mssalvatore merged commit d558586 into develop Jan 13, 2023

mssalvatore deleted the 2820-fix-hanging-child-process branch January 13, 2023 19:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

2820 fix hanging child process #2824

2820 fix hanging child process #2824

mssalvatore commented Jan 12, 2023

codecov bot commented Jan 12, 2023 •

edited

Loading

2820 fix hanging child process #2824

2820 fix hanging child process #2824

Conversation

mssalvatore commented Jan 12, 2023

What does this PR do?

PR Checklist

Testing Checklist

codecov bot commented Jan 12, 2023 • edited Loading

Codecov Report

codecov bot commented Jan 12, 2023 •

edited

Loading