8000 Indefinite spawning of jbang processes with incorrect javaagent parameter settings · Issue #1803 · jbangdev/jbang · GitHub
[go: up one dir, main page]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Indefinite spawning of jbang processes with incorrect javaagent parameter settings #1803

Closed
tadayosi opened this issue May 28, 2024 · 8 comments
Closed

Indefinite spawning of jbang processes with incorrect javaagent parameter settings #1803

tadayosi opened this issue May 28, 2024 · 8 comments
Labels
bug Something isn't working wontfix This will not be worked on

Comments

@tadayosi
Copy link
tadayosi commented May 28, 2024
edited
Loading

Describe the bug
It appears that if we accidentally include & in the --javaagent parameter to jbang at the beginning of a file, it goes on a rampage and spawns jbang processes indefinitely, which easily exhausts CPU resources on a laptop and leads to a DoS.

Why does jbang try to restart indefinitely?

An example parameter that causes the issue:

///usr/bin/env jbang --javaagent=org.jolokia:jolokia-agent-jvm:2.0.2:javaagent=host=0.0.0.0&port=8888 "$0" "$@" ; exit $?

This is actually a correct, expected parameter (, instead of &):

///usr/bin/env jbang --javaagent=org.jolokia:jolokia-agent-jvm:2.0.2:javaagent=host=0.0.0.0,port=8888 "$0" "$@" ; exit $?

To Reproduce
Steps to reproduce the behavior:

  1. Create the following jbang script rampage.java:
///usr/bin/env jbang --javaagent=org.jolokia:jolokia-agent-jvm:2.0.2:javaagent=host=0.0.0.0&port=8888 "$0" "$@" ; exit $?

import static java.lang.System.*;

public class rampage {

    public static void main(String... args) throws Exception {
        Thread.sleep(10000);
        out.println("Hello World");
    }
}
  1. Run the script after chmod u+x rampage.java as follows:
./rampage.java

Caution

Trying to reproduce the issue can easily cause a flood of jbang processes and your computer may easily be out of control. After that, you can only hit ctrl+c many times and/or command pkill java / pkill dev.jbang.Main to quell the script.

Expected behavior
It should only spawn one jbang process and stop immediately throwing some error that tells the javaagent parameter is wrong.

JBang version
Paste output of jbang version --verbose

$ jbang version --verbose
[jbang] [0:295] jbang version 0.116.0
Cache: /home/tasato/.jbang/cache
Config: /home/tasato/.jbang
Repository: /home/tasato/.m2/repository
0.116.0

Additional context
n/a
@tadayosi tadayosi added the bug Something isn't working label May 28, 2024
@quintesse quintesse added the wontfix This will not be worked on label May 28, 2024
@quintesse
Copy link
Contributor

This is not a jbang problem, but always happens when you put an & in that first line. Try changing "jbang" to "echo" and you'll get the same behaviour.

@tadayosi
Copy link
Author

@quintesse OK, but I couldn't reproduce the issue with echo as you suggest.

#!/usr/bin/env echo &

echo hello
$ ./echo.sh 
/usr/bin/env: ‘echo &’: No such file or directory
/usr/bin/env: use -[v]S to pass options in shebang lines

Could you suggest me how to reproduce it with echo or other basic command with shebang, so that I can be convinced with your conclusion? Thanks.

@quintesse
Copy link
Contributor

Make sure you leave everything else the same as with your "rampage" test. Just change jbang to echo.
Also, make sure you have an echo installed on your system (instead of it only being part of your shell, check with which echo, it should return a path. If not then change echo to some other harmless command)

@quintesse
Copy link
Contributor

In fact the command isn't even important, see:

laptop:~/tmp$ cat rampage.java 
///usr/bin/env foo --javaagent=org.jolokia:jolokia-agent-jvm:2.0.2:javaagent=host=0.0.0.0&port=8888 "$0" "$@" ; exit $?

import static java.lang.System.*;

public class rampage {
    public static void main(String... args) throws Exception {
        Thread.sleep(10000);
        out.println("Rampage");
    }
}

laptop:~/tmp$ ./rampage.java 
///usr/bin/env: ‘foo’: No such file or directory
///usr/bin/env: ‘foo’: No such file or directory
///usr/bin/env: ‘foo’: No such file or directory
///usr/bin/env: ‘foo’: No such file or directory
///usr/bin/env: ‘foo’: No such file or directory
///usr/bin/env: ‘foo’: No such file or directory
///usr/bin/env: ‘foo’: No such file or directory
.
.
///usr/bin/env: ‘foo’: No such file or directory
///usr/bin/env: ‘foo’: No such file or directory
^C///usr/bin/env: ‘foo’: No such file or directory
laptop:~/tmp$ ^C

@tadayosi
Copy link
Author

@quintesse Thanks.

I learnt that /// is not exactly the same as shebang #!. So it's a bash hack that pretends to be shebang but works a bit differently.
https://golangcookbook.com/chapters/running/shebang/

I now see that it's indeed not an issue with jbang. At the same time, jbang users may encounter the same issue especially when they play with --javaagent and then experience a big WOW. I'm just wondering if there's anything that can be done to prevent it from happening...

@quintesse
Copy link
Contributor

I'm just wondering if there's anything that can be done to prevent it from happening...

I doubt it, it's just how Unix shells work. But knowing the symptoms next time we can at least tell users what they're doing wrong :-)

@quintesse
Copy link
Contributor

Btw, I finally understand what's happening exactly. What is getting run is:

///usr/bin/env jbang --javaagent=org.jolokia:jolokia-agent-jvm:2.0.2:javaagent=host=0.0.0.0&port=8888 "$0" "$@" ; exit $?

which is the same as running:

///usr/bin/env jbang --javaagent=org.jolokia:jolokia-agent-jvm:2.0.2:javaagent=host=0.0.0.0
port=8888 "$0" "$@" ; exit $?

which is the same as:

///usr/bin/env jbang --javaagent=org.jolokia:jolokia-agent-jvm:2.0.2:javaagent=host=0.0.0.0
port=8888 "./rampage.java" "" ; exit $?

So the shell runs JBang with wrong parameters which causes it to print out its usage message and then the shell runs the next command which sets the "port" environment variable to "8888" and runs "rampage.java" again which starts the entire loop anew.

@tadayosi
Copy link
Author

Thanks for your analysis! So the line below literally creates infinite loop with any given command.

///usr/bin/env <cmd> & "$0" ; exit $?

It's very interesting.

@tadayosi tadayosi mentioned this issue Jun 6, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tadayosi @quintesse
0