Bug 80611 - possible bug in procps-2.0.7-25.i386.rpm?
Summary: possible bug in procps-2.0.7-25.i386.rpm?
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: procps (Show other bugs)
(Show other bugs)
Version: 8.0
Hardware: i686 Linux
medium
medium
Target Milestone: ---
Assignee: Alexander Larsson
QA Contact: Brian Brock
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-12-28 18:22 UTC by Need Real Name
Modified: 2007-04-18 16:49 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-01-06 13:02:15 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Need Real Name 2002-12-28 18:22:32 UTC
Description of problem:

ps is accused of possibly being infected with the lkm worm by the latest
chkrootkit-0.38

Version-Release number of selected component (if applicable):
procps-2.0.7-25.i386.rpm

How reproducible:
Run the latest chkrootkit-0.38

Steps to Reproduce:
1. run chkrootkit-0.38.
2. look at things with kpm.
3. note kpm see's processes that ps -ea doesn't.
    
Actual results:

With gkrellm and mozilla-1.01 running, chkrootkits './chkproc -v -v'
will report 6 processes that are hidden by ps.  One will be a 2nd copy of
gkrellm, and 5 will be mozilla children.

Expected results:

No hidden processes.

Additional info:

gnorpm's verify function says procps is exactly the same as the rpm installed it.
Reverting to the 7.3 supplied version of procps-2.0.7-12.i386.rpm apparently
fixes everything.

Comment 1 Miloslav Trmac 2002-12-28 21:08:14 UTC
If you read the release notes, you would notice that
ps hides threads of a single process by default, unless
you use the -m parameter (IIRC).

Comment 2 Alexander Larsson 2003-01-06 13:02:15 UTC
Yes, the pids hidden are the threads. Use -m to see them.


Note You need to log in before you can comment on or make changes to this bug.