chkproc giving false positives for threads?

---

• From: "robb@xxxxxxx" <robb@xxxxxxx>
• Date: 19 Oct 2006 22:02:16 -0700

---

Hi,

I run the latest chkrootkit/chkproc on my system and it reports 55
processes hidden from ps.

I look in the /proc directory and I don't see any hidden files.

I do a find /proc and grep for the suspicious process numbers, and
they all turn out to be (non-hidden) entries in a subdirectory:

/proc/[number]/task/[suspicious-number]

AFAIK, the "task" subdir is for threads. And, the main process in
question is a Java server process (tomcat) which most likely DOES do
multi-threading.

Could this be an oversight by the authors of chkproc?

.

---

• Follow-Ups:
  • Re: chkproc giving false positives for threads?
    • From: Moe Trin

• Prev by Date: Re: too much encryption
• Next by Date: Re: too much encryption
• Previous by thread: new security and unix news project
• Next by thread: Re: chkproc giving false positives for threads?
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.os.linux.security  > 2006-10