clevis-decrypt-sss fails to kill all child processes (and their respective children) #460
Hello @m-ueberall. Could you reproduce this issue with "no FIDO2" pin? I was not able to do so ... but I might be missing something in my scenario
@sarroutbi : You should be able to reproduce the above with the
The first run above worked as expected. Let's create a situation where one of the Tang servers is unable to respond in a timely manner, i.e., before the decryption has taken place using the other pin/server. To keep things as simple as possible, we just silently prevent it from receiving the request at all:
Now we rerun the test (no
In the next to last line above, I simply hit 'Enter' to get a current timestamp; you can see that it took more than 120 seconds for the remaining
Don't forget to undo the artificially introduced problem:
For an example, see olastor/clevis-pin-fido2#3 (however, this is not a problem specific to this pin; clevis-decrypt-sss should always ensure that no (grand)child processes are left behind).
As demonstrated below (using two terminals), threshold t=1 is reached and the decryption succeeds, but one of the FIDO2 keys is still being queried until the key-specific timeout kicks in while clevis-decrypt-sss already terminated:
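The failure mode reported in this issue, as an added example that is neither part of the original issue nor clevis code: signalling only the direct child leaves its helper (the grandchild) running, while signalling the child's process group stops both. `fake_pin` and `leftover_after_cleanup` are hypothetical names, the "pin" is a constructed stand-in, and using process groups is an assumption about one possible cleanup strategy.

```c
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for a pin: it starts a helper (the grandchild) that
 * blocks for a long time, like a token query waiting for its own timeout. */
static void fake_pin(int live_fd) {
    pid_t helper = fork();
    if (helper < 0) _exit(1);
    if (helper == 0) {
        if (write(live_fd, "r", 1) != 1) _exit(1);  /* report "helper is up" */
        sleep(120);
        _exit(0);
    }
    pause();                         /* the pin itself waits on its helper */
    _exit(0);
}

/* Returns 1 if a descendant survives the cleanup, 0 if none does, -1 on error.
 * kill_group == 0 signals only the direct child; 1 signals its process group. */
int leftover_after_cleanup(int kill_group) {
    int fds[2];
    char c;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        setpgid(0, 0);               /* new process group, inherited by helper */
        close(fds[0]);
        fake_pin(fds[1]);
    }
    setpgid(pid, pid);               /* also set from the parent to avoid a race */
    close(fds[1]);
    if (read(fds[0], &c, 1) != 1) return -1;   /* wait until the helper runs */
    kill(kill_group ? -pid : pid, SIGTERM);
    waitpid(pid, NULL, 0);
    /* Each descendant holds the pipe's write end, so EOF means all are gone. */
    struct pollfd p = { .fd = fds[0], .events = POLLIN };
    int leftover = (poll(&p, 1, 500) == 0);
    if (leftover) kill(-pid, SIGKILL);         /* tidy up what the signal missed */
    close(fds[0]);
    return leftover;
}
int main(void) {
    printf("child only: %d, group: %d\n", leftover_after_cleanup(0), leftover_after_cleanup(1));
    return 0;
}
```

The pipe check does not depend on anyone reaping the orphaned helper: a terminated process closes its descriptors even while it is still a zombie.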