Find the answer to your Linux question:
Results 1 to 5 of 5
I upgraded to the latest ubuntu release, Hardy Heron 8.04, and noticed a shell process marked in the system monitor called 'sh Zombie'. It has a 4-integer PID and uses ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2008
    Posts
    4

    Hidden process + zombie shell found on new install of ubuntu 8.04 - what do i do


    I upgraded to the latest ubuntu release, Hardy Heron 8.04, and noticed a shell process marked in the system monitor called 'sh Zombie'.

    It has a 4-integer PID and uses no memory (says Memory N/A); it opens no files and has no memory maps, and appears to do nothing.

    I had a poke around using unhide proc and found another, different PID, this time a hidden one with 5-integers:

    unhide proc
    Found HIDDEN PID: XXXXX

    can't find any info on what to do about zombie scripts or hidden pid's

    How worried should i be? i'm not a security expert or anything, but am usually pretty careful about passwords and thought ubuntu was safe - it was the hardest box to hack at a recent competition - the only notebook to remain unhacked at the end of the competition is the Sony VAIO running Ubuntu 7.10.

    Anyone know of security flaws in ubuntu 8.04 ?

  2. #2
    Linux Engineer hazel's Avatar
    Join Date
    May 2004
    Location
    Harrow, UK
    Posts
    1,190
    A zombie process is one which has terminated but the kernel couldn't find a parent to notify. All processes when they terminate leave an exit code for their parent process, which is supposed to pick it up. Where this doesn't happen, the kernel doesn't completely clean up the process's task structure. That probably explains why the zombie shell you discovered isn't using any resources.
    "I'm just a little old lady; don't try to dazzle me with jargon!"

  3. #3
    Just Joined!
    Join Date
    Mar 2008
    Posts
    4
    The above happened only when i upgraded using the 'upgrade' button in synaptics - i burnt an image of 8.04 onto a CD and did a fresh install... no zombie and no hidden process was found.

    hmmm... could be a security flaw? or just an issue concerning synaptics?

  4. #4
    Linux Newbie SagaciousKJB's Avatar
    Join Date
    Aug 2007
    Location
    Yakima, WA
    Posts
    162
    It's probably just a typical zombie process. I had a machine with some bad hardware back in the day, and it would often leave zombie processes laying around all over the place.

    If it doesn't show up in lsof, then it's probably just a typical zombie. Kill it with 'kill -KILL pid'

  5. #5
    Just Joined!
    Join Date
    Mar 2008
    Posts
    4
    This problem disappeared when I burnt a disk image for Hardy Heron 8.04 and reinstalled from cd

    ... the zombie must have been caused by the 'update' button in ubuntu synaptics - phew, don't have to sweat over arcane security issues to much then!

    case closed, methinks

    thanks for responding

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •