[Bug 2646] zombie processes when using privilege separation
bugzilla-daemon at bugzilla.mindrot.org
Thu Dec 15 09:58:45 AEDT 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2646
--- Comment #4 from Akshay <akshay.moghe at gmail.com> ---
Okay, I was able to reproduce the issue using `OpenSSH_7.2p2, OpenSSL
1.0.2g 1 Mar 2016`
First, I have a simple 'init' program that runs in a container. All it
does is it launches sshd, and waits for the TERM signal. On receipt of
TERM, it TERMs sshd, and exits.
So, initially, here is what I see:
root@4871a0e3589e:/# ps auxf
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         9  0.0  0.0  18248  3384 ?        Ss   22:47   0:00 bash
root        19  0.0  0.0  34424  2820 ?        R+   22:48   0:00  \_ ps auxf
root         1  0.4  0.0  40364  8220 ?        Ssl+ 22:47   0:00 /usr/bin/ruby -- /init.rb
root         8  0.0  0.0  26468  3844 ?        S+   22:47   0:00 /usr/sbin/sshd -D
The bash process (that spawns ps) is 'exec'd in the container using
docker exec so that I can view the process listing "out-of-band" (i.e.,
without exercising sshd).
Next, I log in, and list the processes (in-band, this time). This is
what I see:
nsadmin@4871a0e3589e:~$ ps auxf
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  40364  8220 ?        Ssl+ 22:47   0:00 /usr/bin/ruby -- /init.rb
root         8  0.0  0.0  26468  3844 ?        S+   22:47   0:00 /usr/sbin/sshd -D
root        20  0.0  0.0  29028  4532 ?        Ss   22:48   0:00  \_ sshd: nsadmin [priv]
nsadmin     22  0.0  0.0  29028  2624 ?        S    22:48   0:00      \_ sshd: nsadmin@pts/0
nsadmin     23  0.0  0.0  18256  3216 pts/0    Ss   22:48   0:00          \_ -bash
nsadmin     28  0.0  0.0  34424  2932 pts/0    R+   22:48   0:00              \_ ps auxf
Then, I log out of the ssh session, and get the process listing using
an exec'd shell:
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root        29  0.0  0.0  18248  3264 ?        Ss   22:48   0:00 /bin/bash
root        40  0.0  0.0  34424  2876 ?        R+   22:48   0:00  \_ ps auxf
root         1  0.0  0.0  40364  8220 ?        Ssl+ 22:47   0:00 /usr/bin/ruby -- /init.rb
root         8  0.0  0.0  26468  3844 ?        S+   22:47   0:00 /usr/sbin/sshd -D
nsadmin     22  0.0  0.0      0     0 ?        Z    22:48   0:00 [sshd] <defunct>
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
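
Added example, not part of the bug comment and not the reporter's init.rb: a minimal Ruby init that starts a service, forwards TERM to it, and also reaps any child that exits. It assumes the `[sshd] <defunct>` entry in the last listing was re-parented to PID 1 when its `[priv]` parent exited; the names `reap_exited_children` and `run_init` are hypothetical.

```ruby
# Added example: a hypothetical minimal init, not the reporter's init.rb.
# Assumption: the defunct sshd (PID 22) was re-parented to PID 1 on logout,
# so only PID 1 can collect its exit status.

# Collect every child that has already exited, without blocking.
# Returns [[pid, exit_code], ...]; death by signal is reported as 128 + signo.
def reap_exited_children
  reaped = []
  loop do
    pid, status = Process.wait2(-1, Process::WNOHANG)
    break if pid.nil? # children exist, but none has exited yet
    reaped << [pid, status.exitstatus || 128 + status.termsig]
  end
  reaped
rescue Errno::ECHILD
  reaped # no children left at all
end

# Start the service, forward TERM to it, and reap everything that exits,
# including orphans handed to PID 1. Returns the service's exit code.
def run_init(argv)
  rd, wr = IO.pipe
  signals = %w[CHLD TERM]
  # Self-pipe: the handlers only write a byte; the work happens in the loop.
  signals.each { |sig| trap(sig) { wr.write_nonblock(sig[0]) } }
  service = Process.spawn(*argv)
  loop do
    events = rd.readpartial(64) # sleeps until a signal arrives
    Process.kill('TERM', service) if events.include?('T')
    reap_exited_children.each do |pid, code|
      return code if pid == service # any other pid was an orphan, now reaped
    end
  end
ensure
  signals&.each { |sig| trap(sig, 'DEFAULT') }
end

# Run as PID 1 with the service command line as arguments.
exit run_init(ARGV) if $PROGRAM_NAME == __FILE__ && !ARGV.empty?
```

Invoked as the container's PID 1 with `/usr/sbin/sshd -D` as its arguments, it stays in the foreground like the init described above, but collects the exit status of every process that ends up parented to it.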