Comments on What are the concrete security risks of forcibly terminating a process?
Parent
What are the concrete security risks of forcibly terminating a process?
I'm using the Gnome System Monitor in Linux Mint. Whenever I attempt to "End" or "Kill" a process, I am given this warning via a modal dialog (emphasis mine):
Killing a process may destroy data, break the session or introduce a security risk. Only unresponsive processes should be killed.
(Similarly with "end" instead of "kill" as appropriate.)
It makes sense that in-memory data could be corrupted (or not written to disk when it ought to be) when a process ends abnormally (not under its own control), and that certain processes might be necessary for the login session to work properly. But what security risks can be introduced this way, and how? (And if a process is indeed unresponsive, do I have options other than killing it or waiting?)
Post
That sounds like bad design on the developers' part. There are many unavoidable ways a program may be terminated unexpectedly:
- Killed by an OOM killer
- Program crash
- Terminated by virus
- OS crash
- Computer lost power
If these really do introduce a security risk, then it's very bad news for the user because there's not much you can do to prevent them.
Generally, perhaps the program has some clean up to do. For example, may be an encrypted secret gets decrypted and saved on disk when it starts, and the exit procedure deletes the decrypted version. If you forcibly terminate, the deletion will never happen. This is of course an insane design, but that hasn't stopped Gnome in the past...
0 comment threads