On Sun, 26 Oct 2003 (14:19), Nikolai Buer wrote:
> It could be a bug in the rootkit, but might it not also be a bug in
> the software?
I think the software bug is the right answer, I'm getting the same
result on my testing machine:
dan@DeeJay:~$ ps aux | head
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 1460 452 ? S 11:15 0:04 init
root 2 0.0 0.0 0 0 ? SW 11:15 0:00 [keventd]
root 3 0.0 0.0 0 0 ? SW 11:15 0:00 [kapmd]
root 0 0.0 0.0 0 0 ? SWN 11:15 0:00 [ksoftirqd_CPU0]
root 0 0.0 0.0 0 0 ? SW 11:15 0:05 [kswapd]
root 0 0.0 0.0 0 0 ? SW 11:15 0:00 [bdflush]
root 0 0.0 0.0 0 0 ? SW 11:15 0:00 [kupdated]
root 9 0.0 0.0 0 0 ? SW 11:15 0:00 [khubd]
root 12 0.0 0.0 0 0 ? SW 11:15 0:01 [kjournald]
The zero-pid processes are the same you have on your machine. Maybe some
kind of bug in ps? top is reporting the correct pid for each of them:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 8 0 480 452 428 S 0.0 0.2 0:04.38 init
2 root 9 0 0 0 0 S 0.0 0.0 0:00.38 keventd
3 root 9 0 0 0 0 S 0.0 0.0 0:00.04 kapmd
4 root 19 19 0 0 0 S 0.0 0.0 0:00.12 ksoftirqd_CPU0
5 root 9 0 0 0 0 S 0.0 0.0 0:05.06 kswapd
6 root 9 0 0 0 0 S 0.0 0.0 0:00.00 bdflush
7 root 9 0 0 0 0 S 0.0 0.0 0:00.05 kupdated
Regards,
Daniele
--
Free your mind
GNU/Linux registered user #219615 @ GNU/Linux registered machine #103942
Attachment:
signature.asc
Description: Digital signature