Re: chkrootkit detects hidden processes in mozilla-firefox and xmms

To: Shaul Karl <shaulk@actcom.net.il>
Cc: debian-user@lists.debian.org
Subject: Re: chkrootkit detects hidden processes in mozilla-firefox and xmms
From: Rick Luddy <rick@nwcath.org>
Date: Tue, 02 Mar 2004 19:38:57 -0500
Message-id: <[🔎] E1AyKPZ-0005NZ-00@debian>
In-reply-to: <[🔎] 20040302235236.GK12509@rakefet>

   > I'm not entirely sure whether this is normal behavior, a
   > symptom of possible badness, or simple user error.  I'm a bit
   > worried it might mean my  system has been compromised.  Any help
   > or explanation would be greatly appreciated.

     You might be interested in http://bugs.debian.org/222179. I
   wonder if there is a process with a pid of {4125,4126,4127} that
   have tasks with a pid of 4128 and 4129.

Thanks, that turns out to be the case.  Checking now I see all of the
"hidden" processes under /proc/N/task of the related process.

I had known about the [now-fixed, I think] bug in chkrootkit where it
thought ksoftirqd and a few other kernel things were suspicious, but
I didn't know about it getting confused by user things.

My blood pressure is down a lot now, thanks again!

Reply to:

References:
- Re: chkrootkit detects hidden processes in mozilla-firefox and xmms
  - From: Shaul Karl <shaulk@actcom.net.il>

Prev by Date: Re: qmail anti-virus
Next by Date: Re: md: can not impport hdb1, has active inodes!
Previous by thread: Re: chkrootkit detects hidden processes in mozilla-firefox and xmms
Next by thread: Re: chkrootkit detects hidden processes in mozilla-firefox and xmms
Index(es):
- Date
- Thread