On 09-Sep-2004 12:21 -0000, Jason Rusch was heard to say:
> The strange part is that the one run from source showed everything to
> be ok, the rpm showed 23-35 hidden processes, possible LKM rootkit
> installed.

I had a similar report of chkrootkit on a server-only machine. As it
turned out, the hidden processes were threads spawned by Apache and Co. and
chkrootkit just had a problem with threads. I think this is actually only
an issue with the 2.6 kernel series.

That the behaviour you report only occurs when you start the X windowing
system most likely has something to do with many UI applications being
heavily multi-threaded; that would also explain why all the processes run
with your UID.

I do not think there is anything for you to worry about.

Regards,
Oliver
--
Oliver Baltzer
.web > http://racon.net/
.pgp > 0xBDF13578
C++ is as natural as a language needs to be.
-- P.F.S.
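
One way to check whether IDs reported as hidden are only threads, as an added example that is not part of the original message or of chkrootkit. It assumes a Linux /proc where thread IDs are left out of the /proc directory listing but /proc/<id>/status is still readable and carries Tgid and Pid fields; the function names and the sample tree are hypothetical.

```python
import os
import tempfile

def read_status(proc_root, pid):
    """Parse /proc/<pid>/status into a dict, or return None if unreadable."""
    try:
        with open(os.path.join(proc_root, str(pid), "status")) as fh:
            return {k: v.strip() for k, v in
                    (line.split(":", 1) for line in fh if ":" in line)}
    except OSError:
        return None

def classify(pid, proc_root="/proc", listed=None):
    """Classify an ID as 'listed', 'thread', 'unexplained' or 'absent'."""
    pid = str(pid)
    if listed is None:  # what a plain directory listing of /proc shows
        listed = {e for e in os.listdir(proc_root) if e.isdigit()}
    if pid in listed:
        return "listed"
    status = read_status(proc_root, pid)
    if status is None:
        return "absent"
    tgid = status.get("Tgid", "")
    # A thread names its leader in Tgid; the leader must itself be listed
    # and must carry the ID under its task/ directory.
    in_task_dir = os.path.isdir(os.path.join(proc_root, tgid, "task", pid))
    if tgid != pid and tgid in listed and in_task_dir:
        return "thread"
    return "unexplained"

def make_sample_proc():
    """Constructed /proc-like tree: leader 1000, thread 1001, orphan 2000."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    for pid, tgid in (("1000", "1000"), ("1001", "1000"), ("2000", "2000")):
        os.makedirs(os.path.join(root, pid))
        with open(os.path.join(root, pid, "status"), "w") as fh:
            fh.write(f"Name:\tsample\nTgid:\t{tgid}\nPid:\t{pid}\n")
    for tid in ("1000", "1001"):
        os.makedirs(os.path.join(root, "1000", "task", tid))
    return root

if __name__ == "__main__":
    root = make_sample_proc()
    for pid in (1000, 1001, 2000, 3000):
        # listed={"1000"} mimics a listing that omits 1001 and 2000
        print(pid, classify(pid, root, listed={"1000"}))
```

An ID that comes back as "thread" matches the explanation given above; one that comes back as "unexplained" is readable but belongs to no listed thread group and is the case worth a closer look.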