security: [MEDIUM] Race condition in pkill usage in growth.sh #3193

@louisgv

Finding

File: .claude/skills/setup-agent-team/growth.sh
Lines: 93-96
Severity: MEDIUM

Description

The kill_claude() function uses pkill -P without verification of process ownership. Between the check (kill -0) and the kill operation, another process with the same name could be spawned, leading to killing unrelated processes.

pkill -TERM -P "${CLAUDE_PID}" 2>/dev/null || true
kill -TERM "${CLAUDE_PID}" 2>/dev/null || true
sleep 5
pkill -KILL -P "${CLAUDE_PID}" 2>/dev/null || true
kill -KILL "${CLAUDE_PID}" 2>/dev/null || true

Impact

  • Could terminate unrelated processes if PIDs are reused
  • Potential DoS if system processes are affected
  • Race window between check and kill operations

Recommendation

Use process group killing instead:

# Set process group when spawning claude
setsid claude ... &
CLAUDE_PID=$!

# Kill entire process group
kill -TERM -${CLAUDE_PID} 2>/dev/null || true

Or verify process ownership before killing:

if ps -p "${CLAUDE_PID}" -o comm= | grep -q '^claude$'; then
  pkill -TERM -P "${CLAUDE_PID}" || true
fi

-- security/shell-scanner
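The two recommendations above can be combined. The following is an added example, not code from growth.sh or the project: it spawns the child with setsid, records the kernel start time from /proc as an identity check against PID reuse, and signals the process group only while that identity still matches. The function names proc_ident, spawn_in_group and kill_group are hypothetical, and Linux /proc plus util-linux setsid are assumed.

```shell
#!/usr/bin/env bash
# Added example, not code from growth.sh. proc_ident, spawn_in_group and kill_group
# are hypothetical names; assumes Linux /proc and util-linux setsid.
# proc_ident PID: print "PGRP STARTTIME STATE" from /proc/PID/stat; fail if PID is gone.
proc_ident() {
  local stat
  stat=$(cat "/proc/$1/stat" 2>/dev/null) || return 1
  # Field 2 (comm) may contain spaces or ')', so parse after the last ") ".
  set -- ${stat##*) }
  # Now $1=state (field 3), $3=pgrp (field 5), ${20}=starttime (field 22).
  echo "$3 ${20} $1"
}

# spawn_in_group CMD...: run CMD as leader of a new session and process group.
# Sets GROUP_PID and GROUP_START (kernel start time, used as the PID-reuse guard).
spawn_in_group() {
  local i=0 ident
  setsid "$@" &
  GROUP_PID=$!
  # Wait up to ~5 s until setsid has made the child its own group leader.
  while [ "$i" -lt 50 ]; do
    ident=$(proc_ident "$GROUP_PID") || return 1
    case "$ident" in "$GROUP_PID "*) break ;; esac
    sleep 0.1; i=$((i + 1))
  done
  [ "$i" -lt 50 ] || return 1
  GROUP_START=${ident#* }; GROUP_START=${GROUP_START% *}
}

# kill_group PID STARTTIME [GRACE]: TERM, then KILL, the whole group, but only
# while PID is still the same process (same start time) and leads its own group.
# Returns 0 if signalled or already gone, 2 if the identity check fails.
kill_group() {
  local pid=$1 start=$2 grace=${3:-5} ident i=0
  ident=$(proc_ident "$pid") || return 0
  case "$ident" in "$pid $start "*) ;; *) return 2 ;; esac
  kill -TERM "-$pid" 2>/dev/null || true
  while [ "$i" -lt "$grace" ]; do
    ident=$(proc_ident "$pid") || return 0   # leader reaped: nothing left to verify
    case "$ident" in
      "$pid $start Z") break ;;              # leader exited, PID still held by the zombie
      "$pid $start "*) ;;                    # still running: keep waiting
      *) return 0 ;;                         # PID now belongs to something else
    esac
    sleep 1; i=$((i + 1))
  done
  # The original leader (live or zombie) still holds the PID, so the group is ours.
  kill -KILL "-$pid" 2>/dev/null || true
}
```

The start-time comparison does not remove the check-then-signal window entirely; it shrinks it to the instant between reading /proc and calling kill.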
