Re: unknown process

Subject: Re: unknown process
From: Jochen Bauer (jtbTHEO2.PHYSIK.UNI-STUTTGART.DE)
Date: Fri Jan 21 2000 - 11:00:29 CST

• Next message: Emma Natividad: "unknown process"
• Previous message: CyberPsychotic: "Re: Secure coding in C (was Re: Administrivia #4883)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 21, 2000 at 03:39:15PM +0100, Emma Natividad wrote:
> I'm administering a Linux sendmail, and today I've observed a strange
> activity, when running ps, I have found a process that looks as follows:
>
> root 350 0.0 0.9 2188 1212 ? Jan 20 0:00 -:0
>
> This -:0 appears instead of a a service...could anyone tell me what does it
> mean?....

It's the display manager. If you change directory to /proc/[pid]
(that's /proc/350 in your case) and do a "ls -l" as root, you will
get something like

[...]
lrwx------ 1 root root 0 Jan 21 17:55 exe ->
/usr/X11R6/bin/xdm
[...]

which shows you the binary that the process was created from.
BTW: -:0 is the Display number.

--
Jochen Bauer
Security Team (RUS-CERT)
Computer Center of the University of Stuttgart
Germany
************************************************************************
*Email: jtbtheo2.physik.uni-stuttgart.de                              *
*       jochen.bauerrus.uni-stuttgart.de                              *
*                                                                      *
*PGP Public Key:                                                       *
*http://ca.uni-stuttgart.de:11371/pks/lookup?op=index&search=0xB5D92889*
************************************************************************

• Next message: Emma Natividad: "unknown process"
• Previous message: CyberPsychotic: "Re: Secure coding in C (was Re: Administrivia #4883)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Fri Jan 21 2000 - 11:04:59 CST