Re: R?spuns: R?spuns: finding hidden processes

To: Tarjei Huse <tarjei@nu.no>
Cc: debian-security@lists.debian.org
Subject: Re: R?spuns: R?spuns: finding hidden processes
From: Uriah Welcome <precision@valinux.com>
Date: Mon, 3 Dec 2001 14:22:06 -0800
Message-id: <[🔎] 20011203142206.C5787@valinux.com>
In-reply-to: <[🔎] 3C0BF673.DD6359B1@nu.no>; from tarjei@nu.no on Mon, Dec 03, 2001 at 11:02:27PM +0100
References: <[🔎] MBBBIFHBACAKPOHJOIKECEANCAAA.petredaniel@yahoo.com> <[🔎] 3C0BF673.DD6359B1@nu.no>

On Mon, Dec 03, 2001 at 11:02:27PM +0100, Tarjei Huse wrote:
> Thanks to everyone who answered. I think I found the answer:
> 
> I got three apps who has been installed --with-prefix=/usr/local/appname
> 
> Their pidfiles will then be in /usr/local/app/var/ not?
> 
> Thus they will not be in the mentioned places, am I correct?
> 
> (suspecting I am not ;( )
> 

No.. chkrootkit tries to look for processes in /proc not their normal pid
files.. basically what it does is tries to cd to /proc/(1..65535)/ and
reports any errors as hidden processes..

-- 
- U

"Any setuid root program that does an exec() somewhere is just a less 
user friendly version of su."   -- Olaf Kirch on bugtraq 2000-08-07
 1024D/6388D686   7928 83A9 16CD 52FD F77F  11ED FC04 B683 6388 D686

Reply to:

References:
- Rãspuns: Rãspuns: finding hidden processes
  - From: "Petre Daniel" <petredaniel@yahoo.com>
- Re: Rãspuns: Rãspuns: finding hidden processes
  - From: Tarjei Huse <tarjei@nu.no>

Prev by Date: Re: Rãspuns: Rãspuns: finding hidden processes
Next by Date: Re: finding hidden processes
Previous by thread: Re: Rãspuns: Rãspuns: finding hidden processes
Next by thread: Re: VI wrapper for SUDO?
Index(es):
- Date
- Thread