Date:      Tue, 19 Oct 2004 22:22:31 +0200 (CEST)
From:      Martin Blapp <mb@imp.ch>
To:        Dan Nelson <dnelson@allantgroup.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: Showstopper ? Userland prozesses showing up as kernelprocesses with AMD opterons ?
Message-ID:  <20041019221826.O70496@cvs.imp.ch>
In-Reply-To: <20041019183938.GA83510@dan.emsphone.com>
References:  <20041019105211.G5193@cvs.imp.ch> <20041019183938.GA83510@dan.emsphone.com>


Hi,

> What are you seeing that identifies it as a kernel process?  The only
> way I know of determining that from ps is "ps axlo flags", and looking
> for processes with the 0x200 bit set.

bind         729  0.0  0.8 17356 16808  ??  Ss    4:12PM   0:18.27 [rbldnsd]            100
clamav      2672  0.0  1.8 37684 36644  ??  I     4:16PM   0:00.00 [mimedefang-mult     100
clamav      2625  0.0  1.8 37684 36644  ??  I     4:16PM   0:00.00 [mimedefang-mult     100

Correct. Those are not kernel processes; they only have 0x100 as flag, which
means:


               P_SUGID             0x00100      Had set id privileges since
                                                last exec


> > clamav  1568  0.0  1.8 37592 37008  ??  I     7:00PM   0:01.65 [mimedefang-multiple]
> > clamav  1798  0.0  1.8 37592 37008  ??  I     7:00PM   0:00.00 [mimedefang-multiple]
> >
> > All cmdline args are gone. Any thoughts ?
>
> ps or libkvm out of sync with kernel?  kern.ps_arg_cache_limit set to 0
> for some reason?

World and kernel are in sync. Something

# sysctl -a kern.ps_arg_cache_limit
kern.ps_arg_cache_limit: 256

It's still strange. Could this mean that modifying id privileges loses all
cmdline args? That's really bad if this is true.

Martin


