Zombie processes and how to avoid them
Author: Jeffrey. Zhu
My blog: http://blog.csdn.net/gueter/
1. What is a zombie process?
In Linux, a child process that has terminated but has not yet been handled by its parent process (that is, the parent has not released the resources holding the child's information) is called a zombie process. When the child process ends, the parent process calls pid_t wait(int *statloc) or pid_t waitpid(pid_t pid, int *statloc, int options) to obtain the information (process ID, termination status) that the kernel saved for the child.
2. Zombie process avoidance analysis
When a process is created, the termination status of the child process must eventually be returned to the parent process. However, if the parent that called fork ends earlier than the child, the child is adopted by the init process: when a process terminates, the kernel checks all active processes one by one to determine whether each is a child of the terminated process. If so, that process's parent process ID is changed to 1. In this way, every process has a parent. Whenever init detects that one of its children has terminated, it calls wait or waitpid to release the resources, which prevents zombie processes.
3. Solution: call fork twice to avoid zombie processes
#include "apue.h"      /* helper header from the APUE book; declares err_sys() */
#include <sys/wait.h>

int main(void)
{
    pid_t pid;

    if ((pid = fork()) < 0) {
        err_sys("fork error");
    } else if (pid == 0) { // the first child process
        if ((pid = fork()) < 0)
            err_sys("fork error");
        else if (pid > 0)
            exit(0); // terminate the parent of the second child (i.e., the first child)
        /*
         * This is the second child process (an orphan). Once its parent (the first
         * child) calls exit(), its parent becomes init and it continues to execute.
         * When the second child terminates, init obtains its status, so no zombie
         * process is left behind.
         */
        sleep(2); // make sure the parent (the first child) runs and exits first
        printf("second child, parent pid = %d\n", getppid()); // parent ID is now init's ID, 1
        exit(0); // terminate the second child process
    }
    if (waitpid(pid, NULL, 0) != pid) // wait for the first child process
        err_sys("waitpid error");
    printf("I am the parents of your parents\n");
    /*
     * This is the original parent (the first parent process). It continues
     * executing, knowing that it is not the parent of the second child.
     */
    exit(0); // the first parent process terminates
}
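The program above needs apue.h to build. The following self-contained C program is an added example, not code from the original article, that makes both cases observable on Linux: observe_zombie() forks once and reads the child's state from /proc/<pid>/stat before and after reaping, and double_fork() applies the double-fork technique and has the second child report its new parent through a pipe. The function names, the pipe and the /proc check are assumptions of this example.

```c
#define _XOPEN_SOURCE 700   /* added example; Linux-only, reads /proc/<pid>/stat */
#include <stdio.h>
#include <time.h>
#include <unistd.h>
#include <sys/wait.h>
/* State letter of a process ('Z' = zombie), or 0 if it no longer exists. */
static char proc_state(pid_t pid) {
    char path[64], st = 0;
    snprintf(path, sizeof path, "/proc/%d/stat", (int)pid);
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    if (fscanf(f, "%*d (%*[^)]) %c", &st) != 1) st = 0;
    fclose(f);
    return st;
}

/* Single fork: the exited child stays a zombie until the parent reaps it. */
int observe_zombie(char *before, char *after) {
    siginfo_t si;
    pid_t pid = fork();
    if (pid == 0) _exit(0);
    if (pid < 0 || waitid(P_PID, pid, &si, WEXITED | WNOWAIT) < 0) return -1;
    *before = proc_state(pid);                    /* exited, not yet reaped */
    if (waitpid(pid, NULL, 0) != pid) return -1;  /* reap it */
    *after = proc_state(pid);                     /* /proc entry is gone */
    return 0;
}

/* Double fork: the second child reports its parent PID once re-parented. */
int double_fork(pid_t *first, pid_t *new_parent) {
    int fd[2];
    if (pipe(fd) < 0 || (*first = fork()) < 0) return -1;
    if (*first == 0) {
        pid_t me = getpid(), pp, p = fork();
        if (p != 0) _exit(p < 0);                 /* first child exits at once */
        while ((pp = getppid()) == me) nanosleep(&(struct timespec){0, 10000000}, NULL);
        _exit(write(fd[1], &pp, sizeof pp) != (ssize_t)sizeof pp);  /* second child */
    }
    if (close(fd[1]) < 0 || waitpid(*first, NULL, 0) != *first) return -1;
    ssize_t n = read(fd[0], new_parent, sizeof *new_parent);
    return close(fd[0]) == 0 && n == (ssize_t)sizeof *new_parent ? 0 : -1;
}

int main(void) {
    char z = 0, gone = 0;
    pid_t first = 0, parent = 0;
    if (observe_zombie(&z, &gone) || double_fork(&first, &parent)) return 1;
    printf("zombie '%c', reaped %d, second child's parent %d\n", z, gone, (int)parent);
    return 0;
}
```

The reported parent is 1 on a classic system; inside a container or under a subreaper it can be a different PID, but it is never the first child.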
This article is from the CSDN blog; when reproducing it, please indicate the source: http://blog.csdn.net/gueter/archive/2008/07/29/2732169.aspx