I am not putting in doubt what you are telling me. In my
implementation, the backend is run from within the code of the
frontend, so its ppid is the pid of the frontend. Occurrences of
execl create another child process which is owned by the backend, but
the latter dies as soon as the child process is created. The orphaned
child is related to the frontend but, its direct parent being dead, is
assigned the pid of the frontend as its parent. The complications
arise considering the fact that the backend runs with root
privileges, while the frontend runs with normal user privileges. This
anomaly is achieved using a root SUID for the backend that permits a
normal user to run the backend with root privileges.

It seems that child processes created by instances of the
backend are thus owned by root, and the frontend is not permitted to
wait() and reap them. This is why we ended up with zombies populating
the process list.

That is my humble explanation.

Edward

On 04/09/2015, Rainer Weikusat <rainerweikusat@???> wrote:
> Edward Bartolo <edbarx@???> writes:
>> A periodic algorithm is now implemented in the frontend to search for
>> backend and any spawned children for ownership by root. This most
>> probably was what was causing waitpid and wait to fail to reap
>> zombies.
>
> It can't. As an experiment, copy the id program to /tmp and make it
> setuid-0:
>
> As root, run
>
> cp /usr/bin/id /tmp
> cd /tmp
> chmod u+s id
>
> Compile and run the following program in /tmp (as non-root user):
>
> ------
> #include <stdio.h>
> #include <sys/wait.h>
> #include <unistd.h>
>
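> int main(void)
> {
>     int status;
>
>     /* child: replace itself with the setuid-0 copy of id */
>     if (fork() == 0) execl("/tmp/id", "id", (void *)0);
>
>     /* parent: collect the child's exit status so no zombie remains */
>     wait(&status);
>     fprintf(stderr, "exit status %d\n", status);
>
>     sleep(2);
>     execlp("/bin/ps", "ps", "fax", (void *)0);
>
>     return 0;
> }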
> ------
>
> This will print 'exit status 0', sleep for 2s and then display the ps
> fax process with no zombie attached to it. Repeat running the program
> but after recompiling it with the wait and fprintf lines commented
> out. This time, the ps fax output will show the 'defunct' id process as
> its exit status hasn't been collected.
>
> There's of course a chance that the fpc libraries do something funky for
> such a case but I don't believe so.
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>
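
Added example, not part of either post: a C sketch of the double-fork case described in the top message, where an intermediate process forks a child and exits at once. It reports which process the orphaned grandchild is reparented to and what the original process can still wait() for. The names orphan_demo and struct orphan_result are made up for illustration, and no setuid binary is involved.

```c
#define _DEFAULT_SOURCE                   /* for usleep() */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Illustrative names; not taken from the project discussed above. */
struct orphan_result {
    pid_t middle;       /* pid of the short-lived intermediate process */
    pid_t new_parent;   /* grandchild's parent after the intermediate died */
    int reaped_middle;  /* 1 if waitpid() collected the intermediate */
    int wait_errno;     /* errno of one further wait(), 0 if it succeeded */
};

int orphan_demo(struct orphan_result *r)
{
    int fds[2];
    pid_t middle, np = 0;
    if (pipe(fds) < 0 || (middle = fork()) < 0) return -1;
    if (middle == 0) {                    /* intermediate ("backend" role) */
        pid_t self = getpid();
        close(fds[0]);
        if (fork() == 0) {                /* grandchild */
            for (int i = 0; i < 5000 && getppid() == self; i++)
                usleep(1000);             /* poll until we are orphaned */
            np = getppid();               /* report the new parent upstream */
            _exit(write(fds[1], &np, sizeof np) == (ssize_t)sizeof np ? 0 : 1);
        }
        _exit(0);                         /* dies right after forking */
    }
    close(fds[1]);
    r->middle = middle;
    r->reaped_middle = waitpid(middle, NULL, 0) == middle;
    ssize_t n = read(fds[0], &np, sizeof np);
    close(fds[0]);
    if (n != (ssize_t)sizeof np) return -1;
    r->new_parent = np;
    /* The orphan is not our child, so wait() normally fails with ECHILD. */
    r->wait_errno = wait(NULL) < 0 ? errno : 0;
    return 0;
}

int main(void)
{
    struct orphan_result r;
    if (orphan_demo(&r) < 0) return 1;
    printf("intermediate %ld reaped=%d, orphan's parent now %ld, wait errno %d\n", (long)r.middle, r.reaped_middle, (long)r.new_parent, r.wait_errno);
    return 0;
}
```

On Linux the reported parent is normally init (pid 1) or the nearest process that set PR_SET_CHILD_SUBREAPER, and the original process gets ECHILD unless it is itself that reaper.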