[Bug 2646] New: zombie processes when using privilege separation

bugzilla-daemon at bugzilla.mindrot.org
Wed Dec 14 06:44:10 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2646

            Bug ID: 2646
           Summary: zombie processes when using privilege separation
           Product: Portable OpenSSH
           Version: 7.2p2
          Hardware: ix86
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: akshay.moghe at gmail.com

I'm using `OpenSSH_7.2p2 Ubuntu-4ubuntu1, OpenSSL 1.0.2g-fips` and I've
explicitly enabled UsePrivilegeSeparation.

With this I notice that the [priv] process does not get reaped by its
parent (sshd) and as a result is adopted by whatever pid 1 happens to
be. Normally this is okay since most init systems will handle this
correctly, however in containers we might encounter homemade "init"
systems that only serve to propagate signals but don't reap adopted
zombie processes. In such cases we accumulate these zombies over time,
which can lead to obvious problems.

Is there any reason that sshd can't reap its children after they exit?

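The reaping step that the report says some container "init" programs omit, as an added example that is not part of the original bug report and is not OpenSSH code. It assumes Linux: the process marks itself a child subreaper to stand in for pid 1, and the names `become_reaper`, `spawn_orphan` and `reap_all`, as well as the orphan scenario, are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand in for pid 1: orphaned descendants are re-parented to this process. */
int become_reaper(void)
{
    return prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0);
}

/* Constructed scenario: a parent that exits without waiting for its child. */
int spawn_orphan(void)
{
    pid_t mid = fork();
    if (mid < 0)
        return -1;
    if (mid == 0) {
        pid_t leaf = fork();
        if (leaf == 0) {
            sleep(1);        /* outlive the parent, then exit */
            _exit(0);
        }
        _exit(leaf < 0);     /* parent exits at once and never calls wait() */
    }
    return 0;
}

/* Collect every exited child, adopted ones included, so none stays a zombie. */
int reap_all(void)
{
    int reaped = 0;
    for (;;) {
        pid_t pid = waitpid(-1, NULL, 0);
        if (pid > 0) { reaped++; continue; }
        if (errno == EINTR) continue;
        return reaped;       /* ECHILD: nothing left to reap */
    }
}

int main(void)
{
    if (become_reaper() != 0 || spawn_orphan() != 0) {
        perror("setup");
        return 1;
    }
    printf("reaped %d children\n", reap_all());
    return 0;
}
```

A long-running init would run the same `waitpid` loop with `WNOHANG` whenever it receives SIGCHLD, so that it can keep forwarding signals between reaps.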