Adam,
thanks more! I was only dimly aware of the 'lsof' command.
Unfortunately:
% unhide sys
Unhide 20080519
does not report the pid numbers, nor does the man page indicate a command line
'verbose' switch, nor does the unhide command generate a telltale /var/log
summary:
% ls /var/log/*hi*.
ls: No such file or directory.
and the 'lsof -p' command requires a pid argument.
I am unfortunately in no position to write code to amend this state of affairs.
Cheers,
Max
________________________________
From: Adam Spiers <bitfolk(a)adamspiers.org>
To: Max B <txtmax(a)yahoo.ca>
Cc: users(a)lists.bitfolk.com
Sent: Thu, December 16, 2010 11:58:34 AM
Subject: Re: [bitfolk] Exim remote root exploit
On 16 December 2010 11:56, Max B <txtmax(a)yahoo.ca> wrote:
I ran 'unhide sys' five times with odd results: reports of two, one, two,
zero and one 'HIDDEN PROCESSES found', which leads me to wonder whether
'unhide' reports mismatches but does not account well for the unix scheduler
and the finite nature of time division. (A process might be declared by
unhide as 'hidden' when, in between two lines of 'unhide' code, the
scheduler terminates a process.) The 'unhide' man page is written at too
high a level for this reader. What does one do next in this case??
Try running lsof -p on the hidden process ids.
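
The race discussed in this thread can be filtered out by repeating the comparison and keeping only PIDs that stay hidden. The sketch below is an added example, not part of the original messages and not unhide's own code: it assumes Linux with /proc and a POSIX `ps`, compares /proc against `ps` rather than running unhide's 'sys' test, and all function names are hypothetical.

```python
import os
import subprocess
import time


def proc_pids():
    """PIDs visible as numeric directories under /proc (Linux assumed)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def ps_pids():
    """PIDs that ps(1) lists."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def hidden_in_round(before, listed, after):
    """PIDs alive both before and after ps ran, yet absent from its output.

    A process that started or exited while ps was running is missing from
    `before` or `after`, so it cannot be reported by this round.
    """
    return (set(before) & set(after)) - set(listed)


def persistent(rounds):
    """PIDs reported in every round; one-off reports are dropped."""
    rounds = [set(r) for r in rounds]
    return set.intersection(*rounds) if rounds else set()


def scan(n_rounds=5, delay=1.0):
    """Run n_rounds comparisons and return the PIDs hidden in all of them."""
    rounds = []
    for i in range(n_rounds):
        if i:
            time.sleep(delay)
        before = proc_pids()
        listed = ps_pids()
        after = proc_pids()
        rounds.append(hidden_in_round(before, listed, after))
    return persistent(rounds)


if __name__ == "__main__":
    for pid in sorted(scan()):
        print(pid)  # candidates to inspect with: lsof -p <pid>
```

Run as root so every /proc entry is readable; an empty result after several rounds is consistent with the earlier reports having been scheduler races.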