Summary

  • Zombie processes, the result of parent processes that have not reaped their child processes, can be exploited for offensive security purposes, according to a recent post on the SANS Technology Institute’s (STI) Securing Linux blog.
  • The post explains that while zombie processes don’t actively consume system resources, they can hold a process ID (PID), which can be exploited by attackers to exhaust the maximum number of PIDs supported by a Linux system and thereby crash the system by preventing new processes from launching.
  • The post offers a demo C program that creates a zombie process, as well as advice on detecting, weaponising and remediating zombie attacks.
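For the detection side, a zombie shows up with state `Z` in `/proc/<pid>/stat`, and the useful signal is how many of them a single parent has left unreaped relative to the kernel's PID limit. The sketch below is an added example, not the demo C program from the post; the function names, the alert threshold and the sample records are assumptions made up for illustration.

```python
import os
from collections import Counter

def parse_stat(line):
    """Return (pid, comm, state, ppid) from one /proc/<pid>/stat record."""
    # comm sits in parentheses and may itself contain spaces or ')',
    # so locate the LAST ')' instead of splitting the line on whitespace.
    lpar, rpar = line.index("("), line.rindex(")")
    rest = line[rpar + 1:].split()
    return int(line[:lpar]), line[lpar + 1:rpar], rest[0], int(rest[1])

def zombies_by_parent(stat_lines):
    """Count zombie (state 'Z') children per parent PID."""
    counts = Counter()
    for line in stat_lines:
        try:
            _pid, _comm, state, ppid = parse_stat(line)
        except (ValueError, IndexError):
            continue  # truncated or malformed record
        if state == "Z":
            counts[ppid] += 1
    return counts

def pid_pressure(counts, pid_max, threshold=0.5):
    """Parents whose zombies alone hold >= threshold of pid_max (assumed cutoff)."""
    return {p: n for p, n in counts.items() if n / pid_max >= threshold}

def read_live_stats():
    """Read every /proc/<pid>/stat on a Linux host; processes may exit mid-scan."""
    out = []
    for name in os.listdir("/proc"):
        if name.isdigit():
            try:
                with open(f"/proc/{name}/stat") as f:
                    out.append(f.read())
            except OSError:
                pass
    return out

# Constructed sample records (not captured from a real host).
SAMPLE = [
    "100 (leaky parent) S 1 100 100 0 -1",
    "101 (child) Z 100 100 100 0 -1",
    "102 (odd) Z name) Z 100 100 100 0 -1",   # comm contains ') Z'
    "103 (worker) S 100 100 100 0 -1",
    "201 (Z) R 200 200 200 0 -1",             # named 'Z' but running
]

if __name__ == "__main__":  # live scan against the kernel's configured limit
    with open("/proc/sys/kernel/pid_max") as f:
        print(pid_pressure(zombies_by_parent(read_live_stats()), int(f.read()), 0.01))
```

The parent PID is what matters for remediation: zombies disappear only when that parent reaps them or exits, so the report points at the process to fix or restart.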

By Anmol Singh Yadav

Original Article