Bug 26945 - unhide finding invalid HIDDEN PID items.
Summary: unhide finding invalid HIDDEN PID items.
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Jani Välimaa
QA Contact:
URL: https://github.com/YJesus/Unhide-NG/i...
Whiteboard:
Keywords: UPSTREAM
Depends on:
Blocks:
 
Reported: 2020-07-13 15:33 CEST by Bit Twister
Modified: 2021-01-12 18:15 CET (History)
0 users

See Also:
Source RPM: unhide-20200120-1.mga8.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Bit Twister 2020-07-13 15:33:50 CEST 
Description of problem: mg8 alpha1

unhide finding invalid  HIDDEN PID items. I get 451 hits.
Two examples:

[*]Starting scanning using brute force against PIDS with fork()


Found HIDDEN PID: 4150500
	Cmdline: "<none>"
	Executable: "<no link>"
	"<none>  ... maybe a transitory process"

Found HIDDEN PID: 4150506

Also note the above pid values. Way too large.

Version-Release number of selected component (if applicable):


How reproducible: Always


Steps to Reproduce:
1. unhide --brute
May take a minute to start seeing messages.
Comment 1 Jani Välimaa 2020-07-13 16:55:55 CEST 
Better to report this to upstream:
https://github.com/YJesus/Unhide-NG/issues
Comment 2 Bit Twister 2020-07-13 21:59:49 CEST 
(In reply to Jani Välimaa from comment #1)
> Better to report this to upstream:
> https://github.com/YJesus/Unhide-NG/issues

Thank you. Posted at
https://github.com/YJesus/Unhide-NG/issues/3\
David Walser 2020-07-14 23:30:05 CEST

Keywords: (none) => UPSTREAM
URL: (none) => https://github.com/YJesus/Unhide-NG/issues/3

Comment 3 Lewis Smith 2020-07-17 22:27:30 CEST 
I notice: new version 20200120 very recently. Is the bug from that?
> # unhide --brute
> May take a minute to start seeing messages.
I tried this, and saw nothing after several minutes!

Assigning this to wally, the active maintainer for this.

Assignee: bugsquad => jani.valimaa

Comment 4 Bit Twister 2020-07-17 23:03:51 CEST 
(In reply to Lewis Smith from comment #3)
> I notice: new version 20200120 very recently. Is the bug from that?

Yup, src rpm matches that number.


> > # unhide --brute
> > May take a minute to start seeing messages.
> I tried this, and saw nothing after several minutes!


Runtime may be dependent on hardware. My cpu is a
AMD Athlon(tm) II X2 215 Processor

#   cpupower frequency-info | grep  ' CPU frequency:'
  current CPU frequency: 2.70 GHz (asserted by call to hardware)

# time unhide --brute
   <snip>

Found HIDDEN PID: 3058249
        Cmdline: "<none>"
        Executable: "<no link>"
        "<none>  ... maybe a transitory process"

real    4m41.666s
user    1m7.104s
sys     3m54.733s
Comment 5 Bit Twister 2021-01-12 11:52:45 CET 
Latest clean mga8-rc shows no hidden PID message.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

Comment 6 Jani Välimaa 2021-01-12 18:15:46 CET 
Unhide was reverted to the latest official release 20130526.

20200120 was Unhide-NG release. From Unhide-NG README.txt:
"IMPORTANT NOTE : 
Unhide-NG is not (yet) the updated version of Unhide.
Unhide-NG is a lab project that in an indeterminate future may replace Unhide."
Note You need to log in before you can comment on or make changes to this bug.