In the last episode (Oct 19), Martin Blapp said: > > What are you seeing that identifies it as a kernel process? The > > only way I know of determining that from ps is "ps axlo flags", and > > looking for processes with the 0x200 bit set. > > bind 729 0.0 0.8 17356 16808 ?? Ss 4:12PM 0:18.27 [rbldnsd] 100 > clamav 2672 0.0 1.8 37684 36644 ?? I 4:16PM 0:00.00 [mimedefang-mult 100 > clamav 2625 0.0 1.8 37684 36644 ?? I 4:16PM 0:00.00 [mimedefang-mult 100 > > Correct. Those are not kernel processes, they only have 0x100 as flag which > means; > P_SUGID 0x00100 Had set id privileges since > last exec [...] > It's still strange. Could this mean that modifing id privileges looses all > cmdline args ? That's really bad if this is true. That or something like it. I have two processes that are doing the same thing on my system, but when I run ps as root, I see the full argument lists. One has P_SUGID, one doesn't. Something in the kern.proc. sysctl code is probably deciding not to return the argument list for those processes when you're not root. Maybe there's some hidden flag separate from P_SUGID it's checking? -- Dan Nelson dnelson_at_allantgroup.comReceived on Tue Oct 19 2004 - 18:43:36 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:18 UTC