From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.5 (X11; Linux i686; U;) Gecko/20020809

Description of problem:
Under Red Hat versions prior to 8.0, the output of "ps ax" and the list of
processes under /proc were roughly the same (given processes starting and
exiting during comparison) and some packages have been using this to evaluate ps
to determine if it has been compromised by a root kit. I have a tool that starts
with ps, then uses /proc then uses kill to look for hidden processes, and since
Red Hat 8.0 it's basically useless becuase it reports dozens of "hidden"
processes based on the output of ps.

I tried various other arguments (e.g. "ps agx", "ps ag", etc) and nothing seems
to work. Interestingly if I take one of the processes that are listed in /proc,
but not ps, and do a "ps ax --pid <pid>" it does not show up, but if I do a "ps
--pid <pid>" it does.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. ps ax
2. ls -d /proc/[0-9]*
3. compare the two
	

Actual Results:  Differences occur.


Expected Results:  No or very few differences.


Additional info: