Re: Virus and file /proc/kcore

To: Debian User Mailing List <debian-user@lists.debian.org>
Subject: Re: Virus and file /proc/kcore
From: Edward Guldemond <thedebategod@yifan.net>
Date: Sat, 10 Aug 2002 09:17:32 -0400
Message-id: <[🔎] 20020810131732.GA9761@yifan.net>
In-reply-to: <[🔎] 20020810125603.OYPH1975.lakemtao03.cox.net@smtp.east.cox.net>
References: <[🔎] 20020810125603.OYPH1975.lakemtao03.cox.net@smtp.east.cox.net>

Micheal,

The /proc partiton is a "window" into your running system.  The kmem
file is the kernel memory, so when you look at that file, you are
looking at the memory of the kernel.  This file is set to read-only by
root because not even root should be fooling around with the raw
contents of kernel memory.  In short, this file does not take up any
real disk space, and is just generated by the kernel on access.  Having
said that, you cannot change this file, and the only way to "clean" the
virus is to restart so kernel memory is cleared.  If F-Prot says that
the data in /proc/kcore is a Windows virus, we can only hope so. ;-)

-- 
------------------------------------------
Edward Guldemond

Key fingerprint:  29FF 2969 A04E F934 3F03  
                  4329 BC56 3AA7 2F57 6735

Reply to:

Follow-Ups:
- Re: Virus and file /proc/kcore
  - From: "Jan Holbo Rasmussen" <jan@horsens.frelsenshaer.dk>

References:
- Virus and file /proc/kcore
  - From: <colemw@cox.net>

Prev by Date: Re: X11 server aborting? What's happening?
Next by Date: Re: Re: Virus and file /proc/kcore
Previous by thread: Virus and file /proc/kcore
Next by thread: Re: Virus and file /proc/kcore
Index(es):
- Date
- Thread