On Wednesday 07 May 2003 22:31, Paul Kozlenko wrote:
On Wednesday 07 May 2003 18:58, GertJan Spoelman wrote:
On Thursday 08 May 2003 00:12, Paul Kozlenko wrote:
FWIW netstat -patn|grep 33270 gives me:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:33270 0.0.0.0:* LISTEN - (I added the headers in for clarity)
You're probably running a kernel which has the fix for the ptrace hole. The downside of that fix was that even root doesn't seem to have the right to show the information for all processes anymore, for example if I look at nfs which uses port 2049 I see the same, there is no PID or Program name shown for that port. On my systems I also see such lines for high ports, I don't know which process uses them, but you should be able to find that out by shutting them down one by one and watch when that port disappears. --
GertJan
Email address is invalid, so don't reply directly, I'm on the list.
My kernel version is Linux version 2.4.19-4GB (SuSE 8.1 Professional) How do I find out if this has the "ptrace hole" fix?
- Paul
More info (... reminder to self, always check log files ....) /var/log/warn contains a line: May 7 22:00:07 machinename kernel: lockd: connect from unprivileged port: 172.20.43.21:52353 For each attempted connect. This is a good thing that this is detected. YES? Does it mean that I am safe though? - Paul