Why does ptrace produce a zombie process when I want to trace a daemon SSHD

Question

I am trying to ptrace a sshd daemon. The following simple program is attached to the daemon. Whenever a ssh client connection is closed, the new generated sshd process turns into zombie process. Could you give me any comments? Thanks in advance.

int main(int argc, char *argv[])

{
        pid_t traced_process;

        int status = 0;

        if(argc != 2){
            printf("Usage: %s <pid to be traced>\n", argv[0]);
            exit(1);
        }

        traced_process = atoi(argv[1]);

        ptrace(PTRACE_ATTACH, traced_process, NULL, NULL);

        while(1){
                wait(&status);

                if(WIFEXITED(status)){
                    break;
                }

                ptrace(PTRACE_SYSCALL, traced_process, NULL, NULL);

        } // end of while

        return 0;

}

score 0 · Answer 1 · answered Jan 30 '15 at 03:18

By the man page of ptrace about PTRACE_ATTACH, the calling process appears in ps output as the child's parent. However, the PPID of the interactive service deamons (sshd or xinted) attached to a ptrace monitoring process is still their original INIT process. I wonder why not change the PPID as shown in the man page?

Why does ptrace produce a zombie process when I want to trace a daemon SSHD

1 Answers1