[Bradford] what is [bioset] ?

Darren Menachem Drapkin darren.drapkin at ntlworld.com
Tue Jan 26 22:21:53 UTC 2016


I will be  looking up bioset pids in /proc when my attention span 
improves, some time tomorrow.

On 01/26/2016 09:51 PM, Alice . wrote:
>
> I was going to reply with something similar but more terse. We are 
> assuming that the thing running on your machine is actually the kernel 
> thread discussed and not just some process calling itself bioset. That 
> should be pretty easy to spot though.
>
> A common trick for hiding malware on the Microsoft Windows platform is 
> giving it a name of a system process you'd expect to see running.
>
> Regards
> Alice
>
> On 26 Jan 2016 9:33 pm, "David Spencer" 
> <baildon.research at googlemail.com 
> <mailto:baildon.research at googlemail.com>> wrote:
>
>     > Can anyone tell what a process calling itself [bioset] is. I
>     have a couple
>     > dozen of them running as root and can do nothing about them. My
>     distro's
>     > forums say that they are a kernel process and are involved in
>     mounting
>     > certain kinds of  encrypted file.
>     > Does anyone know any better?
>
>     Kernel threads; not, strictly speaking, processes.
>     There is, supposedly, one for each block device.
>     'bio' = block i/o
>
>     They aren't *specifically* related to mounting certain kinds of
>     encrypted file. Basically, everything disky-wisky will entail block
>     i/o. Look for everything under /dev that starts with a 'b' in 'ls -l'.
>     Threads for each of them will come and go... well, not so much of the
>     go, apparently, but still.  You definitely want to "do nothing about
>     them" even if you could choose to do something -- which you can't.
>
>     This recent innovation (stuff got refactored a bit) is not
>     particularly pretty, but neither were all those other theads like
>     '[kworker/...]' and we've sort-of got used to those by now. Cheer up,
>     in another ten years you won't notice them; by then, either the block
>     layer code will have got refactored a few more times, or there will be
>     hundreds more ruddy threads burying them.
>
>     Tarra
>     -D.
>
>     _______________________________________________
>     Bradford mailing list
>     Bradford at mailman.lug.org.uk <mailto:Bradford at mailman.lug.org.uk>
>     https://mailman.lug.org.uk/mailman/listinfo/bradford
>

-- 
--
Darren Menachem Drapkin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/bradford/attachments/20160126/7871c35f/attachment.html>


More information about the Bradford mailing list