What kind of process is this ?


Hi,

Playing with Unhide (http://www.security-projects.com/?Unhide) I have
found a very strange process (and I think I'm not rooted, lol).

Unhide reports this:

Found HIDDEN PID: 24111
Command: /usr/lib/opera/operapluginwrapper-ia32-linux

Found HIDDEN PID: 24112
Command: /usr/lib/opera/operapluginwrapper-ia32-linux

Found HIDDEN PID: 24115
Command: /usr/lib/opera/operapluginwrapper-ia32-linux

Found HIDDEN PID: 24118
Command: /usr/lib/opera/operapluginwrapper-ia32-linux

Found HIDDEN PID: 24121
Command: /usr/lib/opera/operapluginwrapper-ia32-linux

Found HIDDEN PID: 24122
Command: /usr/lib/opera/operapluginwrapper-ia32-linux

If I look, for example, at /proc/24111, the directory exists and it
appears to be a legitimate process ...

But, here is the weird issue, I can't find it using ps.

I have tried :

# ps -eL | grep 24111

# ps axT | grep 24111

# ps -aHT | grep 24111

I think it is not a 'normal' process, nor a thread, nor a session leader,
nor a pgrp ...

But, surprise! I was able to find it using pstree:

$ pstree -c -p | grep opera
       |-opera(28600)-+-operapluginclea(28937)
       |              |-operapluginwrap(30602)
       |              |-{opera}(28630)
       |              `-{opera}(28873)
       |-operapluginwrap(23493)-+-operapluginwrap(24641)
       |                        |-{operapluginwrap}(24111)
       |                        |-{operapluginwrap}(24112)
       |                        |-{operapluginwrap}(24115)
       |                        |-{operapluginwrap}(24118)
       |                        |-{operapluginwrap}(24121)
       |                        `-{operapluginwrap}(24122)

More info:

$ uname -a
Linux centrino 2.6.27.25-78.2.56.fc9.i686.PAE #1 SMP Thu Jun 18 12:36:07 EDT 2009 i686 i686 i386 GNU/Linux


$ rpm -qf /bin/ps
procps-3.2.7-20.fc9.i386


Thanks !
--
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
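
One way to test whether an ID reported as hidden is a thread ID rather than a process ID, given here as an added example that is not part of the original post: on Linux every thread is exposed as /proc/<tgid>/task/<tid>, so the script looks the ID up there and reports the owning process. The `PROC_ROOT` variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): classify numeric IDs as
# thread-group leaders ("process") or as threads of another process.
# PROC_ROOT is a hypothetical override so the logic can be exercised on a
# constructed directory tree; it defaults to the real /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# owner_of_task ID -> prints the thread-group ID (TGID) whose task/
# directory contains ID, or nothing if no process owns such a task.
owner_of_task() {
    id=$1
    for d in "$PROC_ROOT"/[0-9]*/task/"$id"; do
        [ -d "$d" ] || continue      # unmatched glob stays literal
        d=${d%/task/"$id"}           # strip the /task/<id> suffix
        echo "${d##*/}"              # remaining basename is the TGID
        return 0
    done
    return 0
}

# classify_id ID -> prints "absent", "process" or "thread-of:<tgid>"
classify_id() {
    owner=$(owner_of_task "$1")
    if [ -z "$owner" ]; then
        echo "absent"
    elif [ "$owner" = "$1" ]; then
        echo "process"
    else
        echo "thread-of:$owner"
    fi
}

# Classify every ID given on the command line, e.g. the PIDs Unhide printed.
for arg in "$@"; do
    printf '%s\t%s\n' "$arg" "$(classify_id "$arg")"
done
```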
