Re: Invisible threads in 2.6.9

[Nuno Silva]

Patryk Jakubowski wrote:

...

> When I run it, the system (predictably) goes to ~100% CPU utilization,
> but there seems to be no way to find out who is hogging the CPU with
> top(1), ps(1), or anything else. All they can show is the main thread in
> zombie state, consuming 0% CPU.
>
> Is this correct behaviour of linux?
> Would not this allow user space programs to hide running executions?
> This could be an opportunity for spyware to infect the machine and hide
> itself perhaps? Hope I'm wrong here!
>
> If this is the bug in kernel (procfs?)  I can give you my configuration
> and resulting behaviour.

Yes, that's the new method trojans are using to hide tasks... No need to 
install complicated kernel modules anymore :-)

More seriously: That's a problem with current procps utils... They just 
don't show them. I can't complain too much because I'm not doing any 
code, but it would be nice to have a working top...

As a workaround, to at least see the threads without inspecting /proc 
directly, you can use the 'm' and 'H' flags to ps, i.e.

$ ps auwxH

Regards,
Nuno Silva

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/