Martin Blapp wrote: >Hi, > > > >>What are you seeing that identifies it as a kernel process? The only >>way I know of determining that from ps is "ps axlo flags", and looking >>for processes with the 0x200 bit set. >> >> > >bind 729 0.0 0.8 17356 16808 ?? Ss 4:12PM 0:18.27 [rbldnsd] 100 >clamav 2672 0.0 1.8 37684 36644 ?? I 4:16PM 0:00.00 [mimedefang-mult 100 >clamav 2625 0.0 1.8 37684 36644 ?? I 4:16PM 0:00.00 [mimedefang-mult 100 > >Correct. Those are not kernel processes, they only have 0x100 as flag which >means; > > > P_SUGID 0x00100 Had set id privileges since > last exec > > > > >>>clamav 1568 0.0 1.8 37592 37008 ?? I 7:00PM 0:01.65 [mimedefang-multiple] >>>clamav 1798 0.0 1.8 37592 37008 ?? I 7:00PM 0:00.00 [mimedefang-multiple] >>> >>>All cmdline args are gone. Any thoughts ? >>> >>> >>ps or libkvm out of sync with kernel? kern.ps_arg_cache_limit set to 0 >>for some reason? >> >> > >World and kernel are in sync. Something > ># sysctl -a kern.ps_arg_cache_limit >kern.ps_arg_cache_limit: 256 > >It's still strange. Could this mean that modifing id privileges looses all >cmdline args ? That's really bad if this is true. > are you doing the ps as root? > >Martin >_______________________________________________ >freebsd-current_at_freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-current >To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org" > >Received on Tue Oct 19 2004 - 18:50:47 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:18 UTC