Common Vulnerabilities and Exposures assigned an identifier CVE-2006-6921 to the following vulnerability:

Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.

References:
http://uwsg.iu.edu/hypermail/linux/kernel/0612.2/0980.html
http://uwsg.iu.edu/hypermail/linux/kernel/0612.2/1021.html
From Albert Cahalan:

Normally, when a process dies it becomes a zombie. If the parent dies (before or after the child), the child is adopted by init. Init will reap the child.

The program included below DOES NOT get reaped. Do like so:

gcc -m32 -O2 -std=gnu99 -o foo foo.c
while true; do killall -9 foo; ./foo; sleep 1; done

BTW, it gets even better if you start playing with ptrace. Use the "strace" program (following children) and/or start sending rapid-fire SIGKILL to all the various _threads_ in the processes. You can get processes wedged in a wide variety of interesting states. I've seen "X" state, processes sitting around with pending SIGKILL, a process stuck in "D" state supposedly core dumping despite ulimit 0 on the core size, etc.
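A defender-side check for the symptom this report describes, added here as an example and not part of the original bug or of Albert Cahalan's message: it parses /proc/<pid>/stat lines and flags zombies already reparented to init, which init should have reaped. The function names, the reaper_pid parameter and the SAMPLE lines are constructed for illustration.

```python
import os

def parse_stat(line):
    """Return (pid, comm, state, ppid) from one /proc/<pid>/stat line."""
    # comm is wrapped in parentheses and may itself contain spaces or ')',
    # so the fixed fields start after the LAST ')' on the line.
    head, _, tail = line.rpartition(")")
    pid_str, _, comm = head.partition("(")
    fields = tail.split()
    return int(pid_str), comm, fields[0], int(fields[1])

def orphaned_zombies(stat_lines, reaper_pid=1):
    """Zombies (state 'Z') whose parent is already the reaper (assumed PID 1)."""
    hits = []
    for line in stat_lines:
        try:
            pid, comm, state, ppid = parse_stat(line)
        except (ValueError, IndexError):
            continue  # truncated or malformed line
        if state == "Z" and ppid == reaper_pid:
            hits.append((pid, comm))
    return hits

def persistent(first, second):
    """Hits present in both scans: init had time to reap them but did not."""
    return sorted(set(first) & set(second))

def read_proc(proc="/proc"):
    """Collect stat lines from a live Linux /proc; processes may exit mid-scan."""
    lines = []
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "stat")) as fh:
                lines.append(fh.read())
        except OSError:
            continue
    return lines

# Constructed sample input (not captured from a real system).
SAMPLE = [
    "1 (init) S 0 1 1 0 -1 4194560 0 0 0 0",
    "4321 (foo) Z 1 4321 4321 0 -1 4228108 0 0 0 0",     # orphan, not reaped
    "4400 (bar) Z 4300 4400 4300 0 -1 4228108 0 0 0 0",  # parent still alive
    "4500 (a b) c) S 1 4500 4500 0 -1 4194304 0 0 0 0",  # awkward comm
    "garbage",
]

if __name__ == "__main__":
    print(orphaned_zombies(read_proc() if os.path.isdir("/proc/self") else SAMPLE))
```

A zombie under init is normally visible only for a moment, so alert on hits that persistent() finds in two scans taken some seconds apart rather than on a single snapshot.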
This issue does not affect versions of kernels shipped in RHEL2.1 or RHEL3.
All children bugs have been closed, parent is no longer needed.