rabidblogger | 6 Aug 2012 23:18

WTF? several anon_inode and /dev/null listings with lsof search

$ lsof | grep anon_inode
anon_inode

$ lsof | grep dev/null
/dev/null

I find several anon_inodes and over a dozen /dev/null listings, in some listings for each there are several
processes which are repeated. I'm expecting this to be a rootkit, but none of the rootkit scanners find
anything. Why are these two listings appearing for various processes? I'm not running any virtual
machines, emulation, shares, printers, servers, etc. but these listings continue to appear, it doesn't
matter what Linux distro I use, these continue to show, even when disconnected from the internet.

What are they?
Why are they appearing?
How can I stop these from running? (if they're bad)

I've searched the web and cannot find anything which explains these to my satisfaction.

-- 
users mailing list
users <at> lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
Ed Greshko | 7 Aug 2012 01:47

Re: WTF? several anon_inode and /dev/null listings with lsof search

On 08/07/2012 05:18 AM, rabidblogger <at> Safe-mail.net wrote:
> I've searched the web and cannot find anything which explains these to my satisfaction.

I don't know....  But I have lots of them (3496) belonging to processes such as kded4, knotify4, konsole,
pulseaudio, chrome, thunderbird, and others....  So, I'm sure it simply is due to using a common system call......

Besides, you asked the same question on OpenSUSE.

-- 
Programming today is a race between software engineers striving to build bigger and better idiot-proof
programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. --
Rick Cook, The Wizardry Compiled
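
The explanation offered in this thread, that these entries come from ordinary system calls and output redirection, can be checked by grouping the descriptors by kind and owning command. The script below is an added example, not part of any poster's message; the function names are hypothetical, and the sample PIDs and descriptor targets are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: group anon_inode and /dev/null
# descriptors by kind and owning command. Function names are hypothetical.

# Emit "pid<TAB>comm<TAB>target" for every descriptor readable in /proc.
# Run as root to see other users' processes; unreadable entries are skipped.
collect_fds() {
  for fd in /proc/[0-9]*/fd/*; do
    target=$(readlink "$fd" 2>/dev/null) || continue
    pid=${fd#/proc/}; pid=${pid%%/*}
    comm=$(cat "/proc/$pid/comm" 2>/dev/null) || continue
    printf '%s\t%s\t%s\n' "$pid" "$comm" "$target"
  done
}

# Read collect_fds-style lines; print "kind<TAB>comm<TAB>count", sorted.
# anon_inode targets look like "anon_inode:[eventfd]" or "anon_inode:inotify".
summarize_fds() {
  awk -F '\t' -v OFS='\t' '
    {
      kind = ""
      if ($3 == "/dev/null") kind = $3
      else if ($3 ~ /^anon_inode:/) {
        kind = substr($3, 12)        # drop the "anon_inode:" prefix
        gsub(/\[|\]/, "", kind)      # "[eventfd]" becomes "eventfd"
      }
      if (kind != "") count[kind OFS $2]++
    }
    END { for (k in count) print k, count[k] }
  ' | LC_ALL=C sort
}

# Constructed sample (PIDs and targets invented; command names from the thread).
sample_fds() {
  printf '%s\t%s\t%s\n' \
    1201 pulseaudio 'anon_inode:[eventfd]' \
    1201 pulseaudio 'anon_inode:[eventfd]' \
    1201 pulseaudio /dev/null \
    1340 konsole 'anon_inode:inotify' \
    1340 konsole /dev/pts/1 \
    1502 chrome 'anon_inode:[eventpoll]' \
    1502 chrome /dev/null \
    1502 chrome /dev/null \
    1502 chrome 'socket:[48211]'
}

# "--live" inspects this machine; the default runs the constructed sample.
if [ "${1:-}" = "--live" ]; then collect_fds | summarize_fds
else sample_fds | summarize_fds; fi
```

Kinds such as eventfd, eventpoll, inotify, signalfd and timerfd are kernel objects created by the corresponding system calls (eventfd(2), epoll_create(2), inotify_init(2) and so on); they have no file on disk, which is why they are listed as anon_inode.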

Mikkel L. Ellertson | 7 Aug 2012 03:58

Re: WTF? several anon_inode and /dev/null listings with lsof search


On 08/06/2012 06:47 PM, Ed Greshko wrote:
> On 08/07/2012 05:18 AM, rabidblogger <at> Safe-mail.net wrote:
>> I've searched the web and cannot find anything which explains
>> these to my satisfaction.
>
> I don't know.... But I have lots of them (3496) belonging to
> processes such as kded4, knotify4, konsole, pulseaudio, chrome,
> thunderbird, and others.... So, I'm sure it simply is due to using a
> common system call......
>
> Besides, you asked the same question on OpenSUSE.
>
Processes starting with their output redirected to /dev/null? I know
it is used a lot in batch files where you do want any of the version
or identification output of a program - just the return code and
whatever the program does. It is also sometimes used to send any
error output to the bit bucket.

Another common use is in cron jobs - you only want output if there
is an error, or any output to be output through syslog. Normal
program output would generate an unwanted e-mail message from the
cron job.

Mikkel
--
Do not meddle in the affairs of dragons, for thou art crunchy and