From owner-freebsd-current@FreeBSD.ORG Tue Oct 19 20:22:52 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 862D016A4CE for ; Tue, 19 Oct 2004 20:22:52 +0000 (GMT) Received: from mx1.imp.ch (mx1.imp.ch [157.161.9.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 52C9943D5C for ; Tue, 19 Oct 2004 20:22:51 +0000 (GMT) (envelope-from mb@imp.ch) Received: from mx3.imp.ch (mx3.imp.ch [157.161.9.18]) by mx1.imp.ch (8.12.11/8.12.11) with ESMTP id i9JKMbcW039991 for ; Tue, 19 Oct 2004 22:22:38 +0200 (CEST) (envelope-from mb@imp.ch) Received: from mx3.imp.ch (localhost [127.0.0.1]) by mx3.imp.ch (8.12.11/8.12.11/Submit) with ESMTP id i9JKMZRe023168 for ; Tue, 19 Oct 2004 22:22:35 +0200 (CEST) (envelope-from mb@imp.ch) Received: (from clamav@localhost) by mx3.imp.ch (8.12.11/8.12.11/Submit) id i9JKMYtR023165 for ; Tue, 19 Oct 2004 22:22:34 +0200 (CEST) (envelope-from mb@imp.ch) Received: from cvs.imp.ch (cvs.imp.ch [157.161.4.9]) by ns1.imp.ch (MIMEDefang) with ESMTP id i9JKMVox060272; Tue, 19 Oct 2004 22:22:34 +0200 (CEST) Date: Tue, 19 Oct 2004 22:22:31 +0200 (CEST) From: Martin Blapp To: Dan Nelson In-Reply-To: <20041019183938.GA83510@dan.emsphone.com> Message-ID: <20041019221826.O70496@cvs.imp.ch> References: <20041019105211.G5193@cvs.imp.ch> <20041019183938.GA83510@dan.emsphone.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Resent: Yes X-Spam-Checksum: a079c791f60095d14522cb7415df44e1 X-Virus-Message-Status: No X-Virus-Status: No, scantime="0.0011 seconds" X-Spam-Status: No, hits=-4.9 required=5 scantime="7.0980 seconds" tests=BAYES_00 X-Scanned-By: MIMEDefang 2.45 cc: freebsd-current@freebsd.org Subject: Re: Showstopper ? Userland prozesses showing up as kernelprocesses with AMD opterons ? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Oct 2004 20:22:52 -0000 Hi, > What are you seeing that identifies it as a kernel process? The only > way I know of determining that from ps is "ps axlo flags", and looking > for processes with the 0x200 bit set. bind 729 0.0 0.8 17356 16808 ?? Ss 4:12PM 0:18.27 [rbldnsd] 100 clamav 2672 0.0 1.8 37684 36644 ?? I 4:16PM 0:00.00 [mimedefang-mult 100 clamav 2625 0.0 1.8 37684 36644 ?? I 4:16PM 0:00.00 [mimedefang-mult 100 Correct. Those are not kernel processes, they only have 0x100 as flag which means; P_SUGID 0x00100 Had set id privileges since last exec > > clamav 1568 0.0 1.8 37592 37008 ?? I 7:00PM 0:01.65 [mimedefang-multiple] > > clamav 1798 0.0 1.8 37592 37008 ?? I 7:00PM 0:00.00 [mimedefang-multiple] > > > > All cmdline args are gone. Any thoughts ? > > ps or libkvm out of sync with kernel? kern.ps_arg_cache_limit set to 0 > for some reason? World and kernel are in sync. Something # sysctl -a kern.ps_arg_cache_limit kern.ps_arg_cache_limit: 256 It's still strange. Could this mean that modifing id privileges looses all cmdline args ? That's really bad if this is true. Martin