From owner-freebsd-security Wed Jul 14 12:19:48 1999 Delivered-To: freebsd-security@freebsd.org Received: from sfmailrelay.hamquist.com (sfmailrelay2.hamquist.com [199.108.89.15]) by hub.freebsd.org (Postfix) with SMTP id 2EC7615420 for ; Wed, 14 Jul 1999 12:18:46 -0700 (PDT) (envelope-from RCHILDER@hamquist.com) Received: from 10.40.251.222 by sfmailrelay.hamquist.com with ESMTP ( WorldSecure Server SMTP Relay(WSS) v3.6); Wed, 14 Jul 99 12:17:55 -0700 X-Server-Uuid: c29e0ff2-e8b9-11d1-a493-00c04fbbd7d3 Received: by sf1-mail03 with Internet Mail Service (5.5.2448.0) id <3RP6TMDC>; Wed, 14 Jul 1999 12:17:54 -0700 Message-ID: From: "Childers, Richard" To: "'Anil Jangity '" , "Childers, Richard" Cc: "''freebsd-security@freebsd.org ' '" Subject: RE: weird w report? Date: Wed, 14 Jul 1999 12:17:53 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) X-WSS-ID: 1B923DE9173805-01-02 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Anil notes: "kill -9 -1" Umm, why are you doing a "kill -9 -1" ? There is no process ID "-1". I see that the man page for 'kill' describes a usage '-1' where '-1' is a special PID that translates as 'send the signal to all processes' if you are logged in as "root"; you probably don't want to do this. (-: Which is why you su'd to the userid, I am speculating ... it seems intuitive that a user would be able to kill his own processes, but sometimes things are such that killing the process as "root" is preferred; in fact, trying to kill the process and not being successful can lead to the process becoming zombie'd, which is why I advise killing PIDs from "root". Try killing the process ID, as "root" : kill -9 ##### ... where ##### is the process ID reported by something like ps -aux | grep drenica ... where the first column is the userid, and the second column is the process ID. You may find it useful to search for all process IDs owned by that userid, sort them in reverse numeric order (IE, highest to lowest) and kill them in that reversed order; this is because the process ID roughly indicates ordinal sequence, such that killing them in the order of their process ID, reversed, one is killing processes in the reverse order they were started, in this fashion avoiding killing parent processes before child processes (which results in zombie processes). For example: # csh root@spawn.vax.com # ps -aux | grep drenica | grep -v grep \ | awk ' { print $2 }' | sort -rn > /tmp/badpids root@spawn.vax.com # foreach pid ( `cat /tmp/badpids` ) ? echo "killing $pid" && kill -9 ${pid} ? end root@spawn.vax.com # Hope this provides some insight ... -- richard To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message