Re: What kind of process is this ?

I'm sure:

$ rpm -Vf /bin/ps

and it's OK

2010/1/19 Juan Leaniz <juan.leaniz@xxxxxxxxx>:
> Did you check /bin/ps's timestamp to make sure it wasn't modified or
> replaced? Are you able to see the process if you use lsof ?
>
> On Tue, Jan 19, 2010 at 8:46 PM, Yago Jesus <yjesus@xxxxxxxxxxxxxxxxxxxxx>
> wrote:
>>
>> Hi,
>>
>> Playing with Unhide (http://www.security-projects.com/?Unhide) I have
>> found a very strange process (and I think I'm not rooted lol).
>>
>> Unhide reports this:
>>
>> Found HIDDEN PID: 24111
>> Command: /usr/lib/opera/operapluginwrapper-ia32-linux
>>
>> Found HIDDEN PID: 24112
>> Command: /usr/lib/opera/operapluginwrapper-ia32-linux
>>
>> Found HIDDEN PID: 24115
>> Command: /usr/lib/opera/operapluginwrapper-ia32-linux
>>
>> Found HIDDEN PID: 24118
>> Command: /usr/lib/opera/operapluginwrapper-ia32-linux
>>
>> Found HIDDEN PID: 24121
>> Command: /usr/lib/opera/operapluginwrapper-ia32-linux
>>
>> Found HIDDEN PID: 24122
>> Command: /usr/lib/opera/operapluginwrapper-ia32-linux
>>
>> If I look, for example, in /proc, the /proc/24111 directory exists and
>> appears to be a legitimate process ...
>>
>> But, here is the weird issue, I can't find it using ps
>>
>> I have tried :
>>
>> #ps -eL | grep 24111
>>
>> #ps axT | grep 24111
>>
>> #ps -aHT | grep 24111
>>
>> I think it is not a 'normal' process, nor a thread, nor a session leader,
>> nor a pgrp ...
>>
>> But, surprise! I was able to find it using pstree
>>
>> $ pstree -c -p | grep opera
>>       |-opera(28600)-+-operapluginclea(28937)
>>       |              |-operapluginwrap(30602)
>>       |              |-{opera}(28630)
>>       |              `-{opera}(28873)
>>       |-operapluginwrap(23493)-+-operapluginwrap(24641)
>>       |                        |-{operapluginwrap}(24111)
>>       |                        |-{operapluginwrap}(24112)
>>       |                        |-{operapluginwrap}(24115)
>>       |                        |-{operapluginwrap}(24118)
>>       |                        |-{operapluginwrap}(24121)
>>       |                        `-{operapluginwrap}(24122)
>>
>> More info:
>>
>> $ uname -a
>> Linux centrino 2.6.27.25-78.2.56.fc9.i686.PAE #1 SMP Thu Jun 18
>> 12:36:07 EDT 2009 i686 i686 i386 GNU/Linux
>>
>>
>> $ rpm -qf /bin/ps
>> procps-3.2.7-20.fc9.i386
>>
>>
>> Thanks !
>> --
>> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
>> the body of a message to majordomo@xxxxxxxxxxxxxxx
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
>
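
An added example, not part of the original messages: one way to triage Unhide's `Found HIDDEN PID` lines is to compare each reported PID with the `Tgid` field of `/proc/<pid>/status`, since on Linux a thread ID resolves under `/proc` by name without appearing in the `/proc` directory listing. The function names and the `/proc`-like sample tree are constructed for illustration; only the report lines and PIDs come from the thread.

```python
import os
import re
import tempfile

# Constructed sample: two of the Unhide findings quoted in the thread.
UNHIDE_REPORT = """\
Found HIDDEN PID: 24111
Command: /usr/lib/opera/operapluginwrapper-ia32-linux

Found HIDDEN PID: 24112
Command: /usr/lib/opera/operapluginwrapper-ia32-linux
"""

def reported_pids(report):
    """Return the PIDs from 'Found HIDDEN PID: N' lines."""
    return [int(n) for n in re.findall(r"^Found HIDDEN PID: (\d+)[ \t]*$", report, re.M)]

def classify(pid, proc_root="/proc", listing=None):
    """Classify a reported PID from <proc_root>/<pid>/status (hypothetical helper)."""
    try:
        with open(os.path.join(proc_root, str(pid), "status")) as fh:
            fields = dict(l.rstrip("\n").split(":\t", 1) for l in fh if ":\t" in l)
    except OSError:
        return "gone"  # exited between the report and this check
    tgid = int(fields["Tgid"])
    if tgid != pid:
        # Task (thread) ID: /proc/<tid> resolves by name but is only
        # enumerated under /proc/<tgid>/task/, not in /proc itself.
        return "thread of %d" % tgid
    names = os.listdir(proc_root) if listing is None else listing
    return "listed process" if str(pid) in names else "unlisted process"

def build_sample_proc(root):
    """Constructed /proc-like tree: leader 23493 with threads 24111, 24112."""
    for pid, tgid in ((23493, 23493), (24111, 23493), (24112, 23493)):
        os.makedirs(os.path.join(root, str(pid)))
        with open(os.path.join(root, str(pid), "status"), "w") as fh:
            fh.write("Name:\toperapluginwrap\nTgid:\t%d\nPid:\t%d\n" % (tgid, pid))

def triage(report, proc_root="/proc"):
    """Map each reported PID to its classification."""
    return {pid: classify(pid, proc_root) for pid in reported_pids(report)}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        for pid, verdict in triage(UNHIDE_REPORT, root).items():
            print(pid, verdict)
```

A result of "unlisted process" (a thread-group leader that is readable by name but missing from the `/proc` listing) is the case that warrants further investigation; "thread of N" means the ID belongs to a thread of process N.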