Red Hat Bugzilla – Bug 302921
CVE-2006-6921 kernel: denial of service with wedged processes
Last modified: 2011-09-29 12:42:56 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2006-6921 to the following vulnerability:
Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.
From Albert Cahalan:
Normally, when a process dies it becomes a zombie. If the parent dies (before or
after the child), the child is adopted by init. Init will reap the child.
The program included below DOES NOT get reaped.
Do like so:
gcc -m32 -O2 -std=gnu99 -o foo foo.c
while true; do killall -9 foo; ./foo; sleep 1; done
BTW, it gets even better if you start playing with ptrace. Use the "strace"
program (following children) and/or start sending rapid-fire SIGKILL to all the
various _threads_ in the processes. You can get processes wedged in a wide
variety of interesting states. I've seen "X" state, processes sitting around
with pending SIGKILL, a process stuck in "D" state supposedly core dumping
despite ulimit 0 on the core size, etc.
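A defender-side check for the symptom described above, added here as an example and not part of the original report or of any Red Hat tooling: it parses `/proc/<pid>/stat` entries and flags zombies parented to init that are still present across two scans. The function names and the sample lines are constructed for illustration; PID 1 as init is an assumption and can be overridden.

```python
import os
import time

def parse_stat(line):
    """Return (pid, comm, state, ppid) from one /proc/<pid>/stat line."""
    # comm is parenthesised and may contain spaces or ')': split on the LAST ')'.
    lparen, rparen = line.index("("), line.rindex(")")
    rest = line[rparen + 1:].split()
    return int(line[:lparen]), line[lparen + 1:rparen], rest[0], int(rest[1])

def unreaped_by_init(stat_lines, init_pid=1):
    """Zombies (state Z) whose parent is init, as a set of (pid, comm)."""
    hits = set()
    for line in stat_lines:
        try:
            pid, comm, state, ppid = parse_stat(line)
        except (ValueError, IndexError):
            continue  # truncated or malformed entry
        if state == "Z" and ppid == init_pid:
            hits.add((pid, comm))
    return hits

def persistent(first_scan, second_scan):
    """A zombie under init is normal for an instant; flag those seen in both scans."""
    return sorted(unreaped_by_init(first_scan) & unreaped_by_init(second_scan))

def read_proc_stats(proc="/proc"):
    """Collect stat lines from a live /proc; processes may exit mid-scan."""
    lines = []
    for name in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, name, "stat"), errors="replace") as f:
                lines.append(f.read())
        except OSError:
            pass  # process went away between listdir() and open()
    return lines

# Constructed sample scans (not taken from the bug report).
SAMPLE_T0 = ["1 (init) S 0 1 1 0 -1 4194560",
             "4242 (foo) Z 1 4242 4100 0 -1 4194316",
             "4243 (a b) c) Z 1 4243 4100 0 -1 4194316",
             "4300 (sh) Z 4100 4300 4100 0 -1 4194316"]
SAMPLE_T1 = [SAMPLE_T0[0], SAMPLE_T0[2], SAMPLE_T0[3]]  # 4242 was reaped

if __name__ == "__main__":
    print("sample:", persistent(SAMPLE_T0, SAMPLE_T1))
    before = read_proc_stats()
    time.sleep(5)
    print("live:", persistent(before, read_proc_stats()))
```

Matching on (pid, comm) alone can be fooled by PID reuse between scans; comparing the start-time field of the stat line as well would tighten the match.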
This issue does not affect versions of kernels shipped in RHEL2.1 or RHEL3.
All children bugs have been closed, parent is no longer needed.