Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 19 Oct 2004 13:50:44 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Martin Blapp <mb@imp.ch>
Cc:        Dan Nelson <dnelson@allantgroup.com>
Subject:   Re: Showstopper ? Userland prozesses showing up as kernelprocesses with AMD opterons ?
Message-ID:  <41757E24.1020704@elischer.org>
In-Reply-To: <20041019221826.O70496@cvs.imp.ch>
References:  <20041019105211.G5193@cvs.imp.ch> <20041019183938.GA83510@dan.emsphone.com> <20041019221826.O70496@cvs.imp.ch>
next in thread | previous in thread | raw e-mail | index | archive | help 


Martin Blapp wrote:

>Hi,
>
>  
>
>>What are you seeing that identifies it as a kernel process?  The only
>>way I know of determining that from ps is "ps axlo flags", and looking
>>for processes with the 0x200 bit set.
>>    
>>
>
>bind         729  0.0  0.8 17356 16808  ??  Ss    4:12PM   0:18.27 [rbldnsd]            100
>clamav      2672  0.0  1.8 37684 36644  ??  I     4:16PM   0:00.00 [mimedefang-mult     100
>clamav      2625  0.0  1.8 37684 36644  ??  I     4:16PM   0:00.00 [mimedefang-mult     100
>
>Correct. Those are not kernel processes, they only have 0x100 as flag which
>means;
>
>
>               P_SUGID             0x00100      Had set id privileges since
>                                                last exec
>
>
>  
>
>>>clamav  1568  0.0  1.8 37592 37008  ??  I     7:00PM   0:01.65 [mimedefang-multiple]
>>>clamav  1798  0.0  1.8 37592 37008  ??  I     7:00PM   0:00.00 [mimedefang-multiple]
>>>
>>>All cmdline args are gone. Any thoughts ?
>>>      
>>>
>>ps or libkvm out of sync with kernel?  kern.ps_arg_cache_limit set to 0
>>for some reason?
>>    
>>
>
>World and kernel are in sync. Something
>
># sysctl -a kern.ps_arg_cache_limit
>kern.ps_arg_cache_limit: 256
>
>It's still strange. Could this mean that modifing id privileges looses all
>cmdline args ? That's really bad if this is true.
>

are you doing the ps as root?

>
>Martin
>_______________________________________________
>freebsd-current@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-current
>To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
>  
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41757E24.1020704>