| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 May 2007 09:06:47 -0700 From: Andrew Redman <aredman@...cation.ucsb.edu> To: matador matador <m4t4d00r@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Mac OS X "ps(3)" and "top(3)" truncate output Try piping the output of ps to less or another pager that can scroll horizontally. - Andrew matador matador wrote: > I saw a strange behaviour on "ps" and on "top" output in Mac OS X > 10.4.9 Version. > > Let's see how it is: > > rfc-1918:~ xxx$ ps aux > ps_output > rfc-1918:~ xxx$ cat ps_output > USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND > xxx 587 8.0 5.4 185848 28488 ?? S 2:55PM 7:20.43 /Applications/iTune > xxx 196 0.7 2.0 186176 10324 ?? S 11:04AM 2:36.06 /Applications/Utili > . > . > > we can see that "ps" doesn't print completely the path. > > So if we pipe the "ps" with "grep" something if the path it's long we > can find the specific process. > > rfc-1918:~ xxx$ cat ps_output | grep iTunes > rfc-1918:~ xxx$ cat ps_output | grep iTune > xxx 587 8.0 5.4 185848 28488 ?? S 2:55PM 7:20.43 /Applications/iTune > xxx 185 0.0 0.2 124980 880 ?? S 10:26AM 0:00.22 /Applications/iTune > > If we let the terminal window wider we are still limited by monitor > width. > > Linux user would like to use "top" command...but... > > 60 coreservic 0.0% 0:03.27 3 114 163 924K 11.7M 2.95M 40.3M > 57 WindowServ 5.1% 9:54.91 2 343 646 5.82M- 32.7M- 33.6M- 242M- > 50 DirectoryS 0.0% 0:01.10 4 65 40 372K 1.01M 1.09M 30.1M > > we can see that "top" have the same problem, it truncates the process > name. > > These issues open an user-space rootkit scenario. > > Regards > > > > ------------------------------------------------------------------------ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists