Date: Thu, 29 Oct 2009 14:22:57 -0700 From: patrick <gibblertron@gmail.com> To: FreeBSD Questions <questions@freebsd.org> Subject: Get the cwd of a process? Message-ID: <b043a4850910291422u2d37344tf46b5d46691bb48a@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Is there any way to get the cwd of a process? We had the situation recently where a perl script was called from an infiltrated Wordpress installation, but we weren't able to determine which of the hundreds of Wordpress blogs was the source. The ps listing showed: www 63968 2.4 0.2 26092 5008 ?? Rs 5:36PM 93:10.67 ./mrf.pl (perl5.8.8) The procfs entry was no help because it does not seem to provide a cwd. The cmdline entry just showed "/usr/local/bin/perl ./mrf.pl". We had to kill the process, and who ever was responsible did a good job of hiding their tracks. But should this happen again (and we expect it will), we'd like to be able to find the source. Patrick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b043a4850910291422u2d37344tf46b5d46691bb48a>