Date: Tue, 19 Oct 2004 15:43:33 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: Martin Blapp <mb@imp.ch> Cc: freebsd-current@freebsd.org Subject: Re: Showstopper ? Userland prozesses showing up as kernelprocesses with AMD opterons ? Message-ID: <20041019204333.GD83510@dan.emsphone.com> In-Reply-To: <20041019221826.O70496@cvs.imp.ch> References: <20041019105211.G5193@cvs.imp.ch> <20041019183938.GA83510@dan.emsphone.com> <20041019221826.O70496@cvs.imp.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Oct 19), Martin Blapp said: > > What are you seeing that identifies it as a kernel process? The > > only way I know of determining that from ps is "ps axlo flags", and > > looking for processes with the 0x200 bit set. > > bind 729 0.0 0.8 17356 16808 ?? Ss 4:12PM 0:18.27 [rbldnsd] 100 > clamav 2672 0.0 1.8 37684 36644 ?? I 4:16PM 0:00.00 [mimedefang-mult 100 > clamav 2625 0.0 1.8 37684 36644 ?? I 4:16PM 0:00.00 [mimedefang-mult 100 > > Correct. Those are not kernel processes, they only have 0x100 as flag which > means; > P_SUGID 0x00100 Had set id privileges since > last exec [...] > It's still strange. Could this mean that modifing id privileges looses all > cmdline args ? That's really bad if this is true. That or something like it. I have two processes that are doing the same thing on my system, but when I run ps as root, I see the full argument lists. One has P_SUGID, one doesn't. Something in the kern.proc. sysctl code is probably deciding not to return the argument list for those processes when you're not root. Maybe there's some hidden flag separate from P_SUGID it's checking? -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041019204333.GD83510>