Welcome to Linux Forums!

With a comprehensive Linux Forum, information on various types of Linux software and many Linux Reviews articles, we have all the knowledge you need a click away, or accessible via our knowledgeable members.

Linux Forum ArticlesLinux ForumsLinux Forum DownloadsLinux Hosts
Home|Register|FAQ|Member List|Calendar|Unanswered Posts|Forum Rules|Today's Posts|Advanced Search|
SEARCH FOR IN
Go Back   Linux Forums > GNU Linux Zone > Linux Security
Reload this Page Hidden process + zombie shell found on new install of ubuntu 8.04 - what do i do
Linux Forums
Linux Forums
Welcome To The Linux Forums!
Welcome to Linux Forums. We pride ourselves in being one of the largest Linux communities on the web, we encourage you to REGISTER on our forums and participate in the community. There are over 150,000 members ready to answer your questions. JOINING US today will allow you to make new posts, get support, send messages to other members and submit downloads to our downloads directory and many other great features!

Linux Security Discussion about keeping your machines secure, and the crackers out.

Reply
 
Thread Tools Display Modes
Old 05-02-2008   #1 (permalink)
vermoos
Just Joined!
 
Join Date: Mar 2008
Posts: 4
Hidden process + zombie shell found on new install of ubuntu 8.04 - what do i do
I upgraded to the latest ubuntu release, Hardy Heron 8.04, and noticed a shell process marked in the system monitor called 'sh Zombie'.

It has a 4-integer PID and uses no memory (says Memory N/A); it opens no files and has no memory maps, and appears to do nothing.

I had a poke around using unhide proc and found another, different PID, this time a hidden one with 5-integers:

unhide proc
Found HIDDEN PID: XXXXX

can't find any info on what to do about zombie scripts or hidden pid's

How worried should i be? i'm not a security expert or anything, but am usually pretty careful about passwords and thought ubuntu was safe - it was the hardest box to hack at a recent competition - the only notebook to remain unhacked at the end of the competition is the Sony VAIO running Ubuntu 7.10.

Anyone know of security flaws in ubuntu 8.04 ?
vermoos is offline   Reply With Quote
Old 05-02-2008   #2 (permalink)
hazel
Linux Newbie
 
hazel's Avatar
 
Join Date: May 2004
Location: Harrow, UK
Posts: 232
A zombie process is one which has terminated but the kernel couldn't find a parent to notify. All processes when they terminate leave an exit code for their parent process, which is supposed to pick it up. Where this doesn't happen, the kernel doesn't completely clean up the process's task structure. That probably explains why the zombie shell you discovered isn't using any resources.
__________________
"I'm just a little old lady; don't try to dazzle me with jargon!"
hazel is offline   Reply With Quote
Old 05-02-2008   #3 (permalink)
vermoos
Just Joined!
 
Join Date: Mar 2008
Posts: 4
The above happened only when i upgraded using the 'upgrade' button in synaptics - i burnt an image of 8.04 onto a CD and did a fresh install... no zombie and no hidden process was found.

hmmm... could be a security flaw? or just an issue concerning synaptics?
vermoos is offline   Reply With Quote
Old 05-08-2008   #4 (permalink)
SagaciousKJB
Just Joined!
 
SagaciousKJB's Avatar
 
Join Date: Aug 2007
Location: Yakima, WA
Posts: 94
Send a message via AIM to SagaciousKJB Send a message via MSN to SagaciousKJB
It's probably just a typical zombie process. I had a machine with some bad hardware back in the day, and it would often leave zombie processes laying around all over the place.

If it doesn't show up in lsof, then it's probably just a typical zombie. Kill it with 'kill -KILL pid'
SagaciousKJB is offline   Reply With Quote
Old 05-08-2008   #5 (permalink)
vermoos
Just Joined!
 
Join Date: Mar 2008
Posts: 4
This problem disappeared when I burnt a disk image for Hardy Heron 8.04 and reinstalled from cd

... the zombie must have been caused by the 'update' button in ubuntu synaptics - phew, don't have to sweat over arcane security issues to much then!

case closed, methinks

thanks for responding
vermoos is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


All times are GMT. The time now is 06:42 AM.

Contact Us | Advertise | Archive | Top
Powered by vBulletin 3.6.8 ©2000 - 2007, content relevant URLs by vBSEO, Property of Core Root.

Content Relevant URLs by vBSEO 3.0.0