On Wed, Aug 27, 2014 at 1:54 AM, Mark Lee <mark@xxxxxxxxxxxx> wrote: > I was wondering regarding the killing of a zombie process. As far as I > know, a zombied process is inherited by root when it's parent is > killed. The kernel periodically calls wait() which reaps the zombie > process and frees its memory. I was wondering if a possible attack > could be mounted by the zombie process when it is inherited by root. No, since a zombie process is dead and cannot execute any code. Also, "root" in this case refers to the process hierarchy root (PID 1; init or systemd) and not the user "root". Not the kernel but PID 1 is responsible for reaping.
