Showstopper ? Userland prozesses showing up as kernelprocesses
with AMD opterons ?
Julian Elischer
julian at elischer.org
Tue Oct 19 13:50:47 PDT 2004
Martin Blapp wrote:
>Hi,
>
>
>
>>What are you seeing that identifies it as a kernel process? The only
>>way I know of determining that from ps is "ps axlo flags", and looking
>>for processes with the 0x200 bit set.
>>
>>
>
>bind 729 0.0 0.8 17356 16808 ?? Ss 4:12PM 0:18.27 [rbldnsd] 100
>clamav 2672 0.0 1.8 37684 36644 ?? I 4:16PM 0:00.00 [mimedefang-mult 100
>clamav 2625 0.0 1.8 37684 36644 ?? I 4:16PM 0:00.00 [mimedefang-mult 100
>
>Correct. Those are not kernel processes, they only have 0x100 as flag which
>means;
>
>
> P_SUGID 0x00100 Had set id privileges since
> last exec
>
>
>
>
>>>clamav 1568 0.0 1.8 37592 37008 ?? I 7:00PM 0:01.65 [mimedefang-multiple]
>>>clamav 1798 0.0 1.8 37592 37008 ?? I 7:00PM 0:00.00 [mimedefang-multiple]
>>>
>>>All cmdline args are gone. Any thoughts ?
>>>
>>>
>>ps or libkvm out of sync with kernel? kern.ps_arg_cache_limit set to 0
>>for some reason?
>>
>>
>
>World and kernel are in sync. Something
>
># sysctl -a kern.ps_arg_cache_limit
>kern.ps_arg_cache_limit: 256
>
>It's still strange. Could this mean that modifing id privileges looses all
>cmdline args ? That's really bad if this is true.
>
are you doing the ps as root?
>
>Martin
>_______________________________________________
>freebsd-current at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-current
>To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"
>
>
More information about the freebsd-current
mailing list