[sudo-users] SIGHUP not reaching child process when closing the terminal window

Todd C. Miller Todd.Miller at sudo.ws
Fri Apr 8 13:33:31 MDT 2022

On Thu, 07 Apr 2022 21:37:46 +0200, "R. Diez via sudo-users" wrote:

> I am using this script to connect to an OpenVPN server:
>    https://github.com/rdiez/Tools/blob/master/OpenVPN/ClientConfig/connect-wi
> th-openvpn.sh
> Essentially, the script runs "sudo openvpn".
> If I press Ctrl+C on the terminal window, the connection is teared down corre
> ctly. The 'openvpn' server process seems to get SIGINT somehow.
> However, if I close the terminal window with the mouse, the 'openvpn' server 
> process stays running invisibly in the background.

When a terminal goes away, the kernel sends SIGHUP to the foreground
process group associated with that terminal.  If openvpn is in the
foreground process group (as it appears to be), I would expect it
to receive SIGHUP from the kernel too.  You cannot send SIGHUP to
the sudo-run process directly without also using sudo.

Things get more complicated when sudo is running commands in its
own pty, such as when log_input, log_output or use_pty are enabled
in the sudoers file.  In that case, the main sudo process has to
proxy signals between the two terminals.  However, the command
should still receive SIGHUP in this case too as long as the main
sudo process (running in the other terminal) receives SIGHUP.

A keyboard-generated signal (^C for SIGINT, ^\ for SIGQUIT) is also
sent by the kernel, which is why it works even for commands run as
different user.  The fact that pressing ^C stops the process leads
me to believe that this is not a sudo problem.

The openvpn docs state that openvpn does a hard reset on SIGHUP,
perhaps it is successfully reconfiguring instead of failing and
exiting.  Could there be a race condition between openvpn and the
cleanup you are doing in exit_cleanup()?  If openvpn is able to
reconfigure before your script removes the TAP device it may just
keep running.

To debug this further, I would try replacing the calls to openvpn
with something like "sleep 300" and see if the sleep is still running
after you close the terminal window.  If the sleep is still running,
it is probably a sudo problem.  If the sleep exits (due to SIGHUP),
then you probably have a race condition between openvpn and your
script.  You can also try sending SIGHUP to the script's process
group (not just the script process) via sudo to try to emulate the
terminal window being closed.

 - todd

More information about the sudo-users mailing list