<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I will be looking up bioset pids in /proc when my attention span
improves, some time tomorrow.<br>
<br>
<div class="moz-cite-prefix">On 01/26/2016 09:51 PM, Alice . wrote:<br>
</div>
<blockquote
cite="mid:CAKR9pv_zMZDWdeTXVY=fiLm-FF4+7TaTu0j-nnZL1xzYkU70BA@mail.gmail.com"
type="cite">
<p dir="ltr">I was going to reply with something similar but more
terse. We are assuming that the thing running on your machine is
actually the kernel thread discussed and not just some process
calling itself bioset. That should be pretty easy to spot
though.</p>
<p dir="ltr">A common trick for hiding malware on the Microsoft
Windows platform is giving it a name of a system process you'd
expect to see running.</p>
<p dir="ltr">Regards<br>
Alice<br>
</p>
<div class="gmail_quote">On 26 Jan 2016 9:33 pm, "David Spencer"
&lt;<a moz-do-not-send="true"
href="mailto:baildon.research@googlemail.com">baildon.research@googlemail.com</a>&gt;
wrote:<br type="attribution">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">> Can
anyone tell what a process calling itself [bioset] is. I have
a couple<br>
> dozen of them running as root and can do nothing about
them. My distro's<br>
> forums say that they are a kernel process and are
involved in mounting<br>
> certain kinds of encrypted file.<br>
> Does anyone know any better?<br>
<br>
Kernel threads; not, strictly speaking, processes.<br>
There is, supposedly, one for each block device.<br>
'bio' = block i/o<br>
<br>
They aren't *specifically* related to mounting certain kinds
of<br>
encrypted file. Basically, everything disky-wisky will entail
block<br>
i/o. Look for everything under /dev that starts with a 'b' in
'ls -l'.<br>
Threads for each of them will come and go... well, not so much
of the<br>
go, apparently, but still. You definitely want to "do nothing
about<br>
them" even if you could choose to do something -- which you
can't.<br>
<br>
This recent innovation (stuff got refactored a bit) is not<br>
particularly pretty, but neither were all those other threads
like<br>
'[kworker/...]' and we've sort-of got used to those by now.
Cheer up,<br>
in another ten years you won't notice them; by then, either
the block<br>
layer code will have got refactored a few more times, or there
will be<br>
hundreds more ruddy threads burying them.<br>
<br>
Tarra<br>
-D.<br>
<br>
</blockquote>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
Darren Menachem Drapkin</pre>
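<p>Added example, not part of any message in this thread: a shell sketch of the /proc lookup mentioned at the top, checking whether a task named bioset really is a kernel thread. It tests the PF_KTHREAD bit (0x00200000) in the flags field of /proc/PID/stat; the function names and the PROC_ROOT variable are assumptions of this example.</p>

```shell
#!/bin/sh
# Added example: tell real [bioset] kernel threads from user-space look-alikes.
PF_KTHREAD=2097152   # 0x00200000, task flag set only on kernel threads

# classify_task PID [PROC_ROOT] -> prints "kthread" or "userspace"
classify_task() {
    ct_root=${2:-/proc}
    ct_stat=$(cat "$ct_root/$1/stat" 2>/dev/null) || return 1
    # comm (field 2) can contain spaces and ')': cut after the LAST ") "
    set -- ${ct_stat##*) }
    # now: $1=state $2=ppid ... $7=flags (field 9 of the stat line)
    [ -n "$7" ] || return 1
    if [ $(( $7 & PF_KTHREAD )) -ne 0 ]; then
        echo kthread
    else
        echo userspace
    fi
}

# scan_name NAME [PROC_ROOT] -> one "PID VERDICT EXE" line per task named NAME
scan_name() {
    sn_root=${2:-/proc}
    for sn_dir in "$sn_root"/[0-9]*; do
        sn_comm=$(cat "$sn_dir/comm" 2>/dev/null) || continue
        [ "$sn_comm" = "$1" ] || continue
        sn_pid=${sn_dir##*/}
        sn_verdict=$(classify_task "$sn_pid" "$sn_root") || continue
        # kernel threads have no executable, so the exe link does not resolve
        sn_exe=$(readlink "$sn_dir/exe" 2>/dev/null) || sn_exe=-
        echo "$sn_pid $sn_verdict $sn_exe"
    done
    return 0
}

# PROC_ROOT is an assumption of this sketch (lets it run on a copied tree)
scan_name "${1:-bioset}" "${PROC_ROOT:-/proc}"
```

<p>Run it as root so the exe link of other users' processes can be read; any line reporting "userspace" for the name bioset is a process borrowing the name rather than a block-layer thread.</p>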
</body>
</html>