Showstopper ? Userland prozesses showing up as kernelprocesses with AMD opterons ?

[Dan Nelson]

In the last episode (Oct 19), Martin Blapp said:
> > What are you seeing that identifies it as a kernel process?  The
> > only way I know of determining that from ps is "ps axlo flags", and
> > looking for processes with the 0x200 bit set.
> 
> bind         729  0.0  0.8 17356 16808  ??  Ss    4:12PM   0:18.27 [rbldnsd]            100
> clamav      2672  0.0  1.8 37684 36644  ??  I     4:16PM   0:00.00 [mimedefang-mult     100
> clamav      2625  0.0  1.8 37684 36644  ??  I     4:16PM   0:00.00 [mimedefang-mult     100
> 
> Correct. Those are not kernel processes, they only have 0x100 as flag which
> means;
>                P_SUGID             0x00100      Had set id privileges since
>                                                 last exec
[...]
> It's still strange. Could this mean that modifing id privileges looses all
> cmdline args ? That's really bad if this is true.

That or something like it.  I have two processes that are doing the
same thing on my system, but when I run ps as root, I see the full
argument lists.  One has P_SUGID, one doesn't.  Something in the
kern.proc. sysctl code is probably deciding not to return the argument
list for those processes when you're not root.  Maybe there's some
hidden flag separate from P_SUGID it's checking?

-- 
	Dan Nelson
	dnelson at allantgroup.com