Re: rooted ?
From: Oliver Baltzer (racon_at_init.ca)
Date: 09/10/04
- Previous message: Scott Fagg: "RE: rooted ?"
- In reply to: Jason Rusch: "rooted ?"
- Next in thread: Coleman: "Re: rooted ?"
Date: Fri, 10 Sep 2004 08:35:31 -0300
To: Jason Rusch <kerberos_daemon@infosec-rusch.com>
Hi Jason:
On 09-Sep-2004 12:21 -0000, Jason Rusch was heard to say:
> The strange part is that the one run from source showed everything to
> be ok, the rpm showed 23-35 hidden processes, possible LKM rootkit
> installed.
I had a similar report of chkrootkit on a server-only machine. As it
turned out, the hidden processes were threads spawned by Apache and Co, and
chkrootkit just had a problem with threads. I think this is actually only
an issue with the 2.6 kernel series.
That the behaviour you report only occurs when you start the X windowing
system most likely has something to do with many UI applications being
heavily multi-threaded; that would also explain why all the processes run
with your UID.
I do not think there is anything for you to worry about.
Regards,
Oliver
--
Oliver Baltzer
.web > http://racon.net/
.pgp > 0xBDF13578
C++ is as natural as a language needs to be. -- P.F.S.
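An added example, not part of the message above and not chkrootkit code: one way to check whether IDs reported as hidden are threads, using the Linux `/proc` fields `Tgid` and `Pid` and the `/proc/<tgid>/task/` directory. The function names and the sample tree (IDs 4000 to 6000) are constructed for illustration.

```python
import os, tempfile

def read_ids(status_path):
    """Return (tgid, pid) from a /proc status file, or None if unreadable."""
    ids = {}
    try:
        with open(status_path) as fh:
            for line in fh:
                key, _, value = line.partition(":")
                if key in ("Tgid", "Pid"):
                    ids[key] = int(value.strip())
        return ids["Tgid"], ids["Pid"]
    except (OSError, ValueError, KeyError):
        return None

def classify(pid, proc_root="/proc"):
    """Label one reported ID: 'thread', 'process', 'gone' or 'unexplained'."""
    ids = read_ids(os.path.join(proc_root, str(pid), "status"))
    if ids is None:
        return "gone"            # exited since the scan, or not readable
    tgid, own = ids
    if own != pid:
        return "unexplained"     # status file disagrees with the path
    if tgid == pid:
        return "process"         # thread-group leader; should be in the /proc listing
    # A non-leader ID is a thread only if its leader lists it under task/.
    task_dir = os.path.join(proc_root, str(tgid), "task", str(pid))
    leader = read_ids(os.path.join(proc_root, str(tgid), "status"))
    if os.path.isdir(task_dir) and leader == (tgid, tgid):
        return "thread"
    return "unexplained"

def triage(reported, proc_root="/proc"):
    return {pid: classify(pid, proc_root) for pid in reported}

def build_sample(root):
    """Constructed /proc-like tree: leader 4000 with thread 4001, and an odd 5000."""
    def put(rel, tgid, pid):
        path = os.path.join(root, rel)
        os.makedirs(path, exist_ok=True)
        with open(os.path.join(path, "status"), "w") as fh:
            fh.write(f"Name:\thttpd\nTgid:\t{tgid}\nPid:\t{pid}\n")
    put("4000", 4000, 4000)
    put(os.path.join("4000", "task", "4001"), 4000, 4001)
    put("4001", 4000, 4001)      # Linux resolves /proc/<tid> on direct lookup
    put("5000", 4000, 5000)      # names leader 4000 but is absent from its task dir

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(triage([4000, 4001, 5000, 6000], d))
```

On a live system, pass the IDs from the scanner's report to `triage()` with the default `proc_root`; anything labelled `process` or `unexplained` is not accounted for by threading and needs a closer look.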