[grsec] weird behavior: grsec and MailScanner
spender at grsecurity.net
Thu Nov 4 09:47:42 EST 2004
> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
> Debian- 31550 0.5 0.0 0 0 ? ZN 12:36 0:00 [MailScanner] <defunct>
> Debian- 22517 0.5 0.0 0 0 ? ZN 12:36 0:00 [MailScanner] <defunct>
> Debian- 26787 1.0 0.0 0 0 ? ZN 12:36 0:00 [MailScanner] <defunct>
> Debian- 15528 0.6 0.0 0 0 ? ZN 12:36 0:00 [MailScanner] <defunct>
> Debian- 8520 0.2 0.0 0 0 ? ZN 12:35 0:00 [MailScanner] <defunct>
> root 21227 0.0 0.1 2560 1356 ? S 12:36 0:00 /bin/bash -i
> root 27754 0.0 0.0 2476 820 ? R+ 12:36 0:00 \_ ps axuf
> Debian- 26589 0.6 0.0 0 0 ? ZN 12:36 0:00 [MailScanner] <defunct>
> Debian- 16183 0.9 0.0 0 0 ? ZN 12:36 0:00 [MailScanner] <defunct>
> mailgw:/# exit
It's because these processes are zombies. They've already exited, so
they aren't holding any files or taking up any memory (except in the
process table). The check previously in gr_pid_is_chrooted checked for
process->fs && !have_same_root(current, process). If this check passed,
then the process would be unviewable. Since the zombies don't have
->fs, the check failed for them, and they were viewable. I've modified
the check in CVS so that zombies are no longer viewable within the
chroot. This means, however, that if you generate a zombie within your
chroot, you won't be able to view that zombie; only a process outside of
the chroot will be able to do so.
-Brad
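
The visibility check described in the reply above, as a userland model added to this archive page (not grsecurity source and not the actual CVS change). Every name except have_same_root is a hypothetical stand-in, the root ids and tasks are constructed, and the early return for an unchrooted viewer is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userland model; every name except have_same_root is a hypothetical stand-in. */
#define HOST_ROOT 1                      /* constructed id of the real root */
struct fs_model { int root; };           /* which root directory a task uses */
struct task_model { const char *name; struct fs_model *fs; /* NULL for a zombie */ };

/* Constructed sample tasks: one jail (root 2) on a host (root 1). */
static struct fs_model host_fs = { HOST_ROOT }, jail_fs = { 2 };
static struct task_model host_shell  = { "host bash",   &host_fs };
static struct task_model host_daemon = { "host daemon", &host_fs };
static struct task_model jail_shell  = { "jail bash",   &jail_fs };
static struct task_model jail_worker = { "jail worker", &jail_fs };
static struct task_model zombie      = { "zombie",      NULL };

static bool have_same_root(const struct task_model *a, const struct task_model *b)
{
    return a->fs->root == b->fs->root;
}

/* Check as the post describes it: a missing ->fs short-circuits to "visible". */
static bool hidden_old(const struct task_model *cur, const struct task_model *p)
{
    if (cur->fs->root == HOST_ROOT)      /* assumption: only chrooted viewers are filtered */
        return false;
    return p->fs && !have_same_root(cur, p);
}

/* Assumed fail-closed form matching the behaviour described after the change. */
static bool hidden_new(const struct task_model *cur, const struct task_model *p)
{
    if (cur->fs->root == HOST_ROOT)
        return false;
    return !p->fs || !have_same_root(cur, p);
}

int main(void)
{
    struct task_model *targets[] = { &host_daemon, &jail_worker, &zombie };
    for (size_t i = 0; i < sizeof targets / sizeof *targets; i++)
        printf("%-12s jail(old)=%d jail(new)=%d host(new)=%d\n", targets[i]->name,
               hidden_old(&jail_shell, targets[i]), hidden_new(&jail_shell, targets[i]),
               hidden_new(&host_shell, targets[i]));
    return 0;
}
```

In this model the fail-closed form also hides a zombie created inside the jail from the jail's own shell, which is the trade-off the reply points out.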