From 9a52e369f2a05f26ecdfb995a6387fc10f4fe2a2 Mon Sep 17 00:00:00 2001
From: Thomas Hobson <git@hexf.me>
Date: Mon, 26 Apr 2021 19:37:40 +1200
Subject: [PATCH] fix forking exploits

---
 api/src/job.js | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/api/src/job.js b/api/src/job.js
index b751228..2692bc1 100644
--- a/api/src/job.js
+++ b/api/src/job.js
@@ -192,6 +192,17 @@ class Job {
             processes = processes.filter(proc => proc.uid == this.uid);
 
             for(const proc of processes){
+                // First stop the processes, but keep their resources allocated so they cant re-fork
+                try{
+                    process.kill(proc.pid, 'SIGSTOP');
+                }catch{
+                    // Could already be dead
+                }
+            }
+
+
+            for(const proc of processes){
+                // Then clear them out of the process tree
                 try{
                     process.kill(proc.pid, 'SIGKILL');
                 }catch{