Re: Detecting threads vs processes with ps or /proc

From: Jeremy Fitzhardinge
Date: Mon Dec 09 2002 - 11:27:33 EST

On Fri, 2002-12-06 at 12:09, Robert Love wrote:
> One thing to note: if you can modify the kernel and procps, you can just
> export the value of task->mm out of /proc. It is a gross hack, and
> perhaps a security issue, but that will work 100%. Same ->mm implies
> thread.

It isn't a terribly gross hack. I have a patch (somewhere...) which
adds an ASID: field to /proc/<pid>/status, which simply contains the mm
pointer (as an opaque identifier token). If you were worried about
exposing (yet another) kernel pointer value, I suppose you could mush it
about a bit, but I think that would give the illusion of obscurity
rather than any actual increase in security.
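
An added illustration, not part of the original message or of the patch it mentions: how a procps-style tool could use such a token, treating it purely as an opaque value compared for equality. The `ASID:` line format, the all-zero value for kernel threads (which have no mm) and the sample data are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample: /proc/<pid>/status excerpts. The "ASID:" line format
# (hex token, all zeros for kernel threads) is an assumption, not real output.
SAMPLE_STATUS = {
    1200: "Name:\tapache\nPid:\t1200\nPPid:\t1\nASID:\tc7a3e400\n",
    1201: "Name:\tapache\nPid:\t1201\nPPid:\t1200\nASID:\tc7a3e400\n",
    1202: "Name:\tapache\nPid:\t1202\nPPid:\t1200\nASID:\tc7a3e400\n",
    1300: "Name:\tapache\nPid:\t1300\nPPid:\t1200\nASID:\tc5f10a80\n",
    4: "Name:\tkswapd\nPid:\t4\nPPid:\t1\nASID:\t00000000\n",
    5: "Name:\tbdflush\nPid:\t5\nPPid:\t1\nASID:\t00000000\n",
    1400: "Name:\tsh\nPid:\t1400\nPPid:\t1\n",  # unpatched kernel: no ASID line
}

def read_asid(status_text):
    """Return the ASID token as an opaque string, or None if it is absent."""
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "ASID":
            return value.strip().lower() or None
    return None

def is_null(token):
    """True for the all-zero token assumed to mark a task without an mm."""
    try:
        return int(token, 16) == 0
    except ValueError:
        return False

def classify(statuses):
    """Split tasks into shared-mm groups, kernel threads and unknowns."""
    by_token, kernel, unknown = defaultdict(list), [], []
    for pid, text in statuses.items():
        token = read_asid(text)
        if token is None:
            unknown.append(pid)          # field missing: cannot decide
        elif is_null(token):
            kernel.append(pid)           # no mm: equal tokens are not threads
        else:
            by_token[token].append(pid)  # token is only compared, never decoded
    threads = sorted(sorted(p) for p in by_token.values() if len(p) > 1)
    return threads, sorted(kernel), sorted(unknown)

if __name__ == "__main__":
    print(classify(SAMPLE_STATUS))
```

Equal tokens are only meaningful within one snapshot of /proc, since an mm address can be reused after its owner exits.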


