From owner-freebsd-current@FreeBSD.ORG Tue Oct 19 20:50:47 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 92BE916A4D0 for ; Tue, 19 Oct 2004 20:50:47 +0000 (GMT) Received: from mail.vicor-nb.com (bigwoop.vicor-nb.com [208.206.78.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3FAD243D70 for ; Tue, 19 Oct 2004 20:50:45 +0000 (GMT) (envelope-from julian@elischer.org) Received: from elischer.org (julian.vicor-nb.com [208.206.78.97]) by mail.vicor-nb.com (Postfix) with ESMTP id 0182D7A427; Tue, 19 Oct 2004 13:50:44 -0700 (PDT) Message-ID: <41757E24.1020704@elischer.org> Date: Tue, 19 Oct 2004 13:50:44 -0700 From: Julian Elischer User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.3.1) Gecko/20030516 X-Accept-Language: en, hu MIME-Version: 1.0 To: Martin Blapp References: <20041019105211.G5193@cvs.imp.ch> <20041019183938.GA83510@dan.emsphone.com> <20041019221826.O70496@cvs.imp.ch> In-Reply-To: <20041019221826.O70496@cvs.imp.ch> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-current@freebsd.org cc: Dan Nelson Subject: Re: Showstopper ? Userland prozesses showing up as kernelprocesses with AMD opterons ? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Oct 2004 20:50:47 -0000 Martin Blapp wrote: >Hi, > > > >>What are you seeing that identifies it as a kernel process? The only >>way I know of determining that from ps is "ps axlo flags", and looking >>for processes with the 0x200 bit set. >> >> > >bind 729 0.0 0.8 17356 16808 ?? Ss 4:12PM 0:18.27 [rbldnsd] 100 >clamav 2672 0.0 1.8 37684 36644 ?? I 4:16PM 0:00.00 [mimedefang-mult 100 >clamav 2625 0.0 1.8 37684 36644 ?? I 4:16PM 0:00.00 [mimedefang-mult 100 > >Correct. Those are not kernel processes, they only have 0x100 as flag which >means; > > > P_SUGID 0x00100 Had set id privileges since > last exec > > > > >>>clamav 1568 0.0 1.8 37592 37008 ?? I 7:00PM 0:01.65 [mimedefang-multiple] >>>clamav 1798 0.0 1.8 37592 37008 ?? I 7:00PM 0:00.00 [mimedefang-multiple] >>> >>>All cmdline args are gone. Any thoughts ? >>> >>> >>ps or libkvm out of sync with kernel? kern.ps_arg_cache_limit set to 0 >>for some reason? >> >> > >World and kernel are in sync. Something > ># sysctl -a kern.ps_arg_cache_limit >kern.ps_arg_cache_limit: 256 > >It's still strange. Could this mean that modifing id privileges looses all >cmdline args ? That's really bad if this is true. > are you doing the ps as root? > >Martin >_______________________________________________ >freebsd-current@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-current >To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org" > >