[Bug 2646] zombie processes when using privilege separation
bugzilla-daemon at bugzilla.mindrot.org
Thu Dec 15 10:32:39 AEDT 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2646
--- Comment #5 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Akshay from comment #4)
> Okay, I was able to reproduce the issue using `OpenSSH_7.2p2, OpenSSL 1.0.2g 1 Mar 2016`
Thanks.
> nsadmin 22 0.0 0.0 0 0 ? Z 22:48 0:00 [sshd] <defunct>
If I'm reading this correctly that's the post-auth unprivileged process
(pid 22 in this example) not the [priv] process (pid 20 in this
example).
I think I can see how this would happen. After accepting the
connection and forking off a copy, sshd re-execs itself with the "-R"
flag in order to (hopefully) get a new address space layout. -R sets:
        case 'R':
                rexeced_flag = 1;
                inetd_flag = 1;
then a bit later when the signal handlers are set up:
        /* Get a connection, either from inetd or a listening TCP socket */
        if (inetd_flag) {
                server_accept_inetd(&sock_in, &sock_out);
        } else {
                [...]
                signal(SIGCHLD, main_sigchld_handler);
You can test this theory by running your sshd with the (undocumented)
"-r" option to disable the re-exec.