From Bugzilla Helper: User-Agent: Mozilla/5.0 Galeon/1.2.5 (X11; Linux i686; U;) Gecko/20020809 Description of problem: Under Red Hat versions prior to 8.0, the output of "ps ax" and the list of processes under /proc were roughly the same (given processes starting and exiting during comparison) and some packages have been using this to evaluate ps to determine if it has been compromised by a root kit. I have a tool that starts with ps, then uses /proc then uses kill to look for hidden processes, and since Red Hat 8.0 it's basically useless becuase it reports dozens of "hidden" processes based on the output of ps. I tried various other arguments (e.g. "ps agx", "ps ag", etc) and nothing seems to work. Interestingly if I take one of the processes that are listed in /proc, but not ps, and do a "ps ax --pid <pid>" it does not show up, but if I do a "ps --pid <pid>" it does. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. ps ax 2. ls -d /proc/[0-9]* 3. compare the two Actual Results: Differences occur. Expected Results: No or very few differences. Additional info:
This is a feature, and is mentioned in the release notes. If you want to see every thread of each process, use the -m flag.
*** Bug 82757 has been marked as a duplicate of this bug. ***