>I was able to reproduce the problem on a SPARC 5/85 running Solaris 2.5 BETA >within approximately 2.5 minutes when using /usr/bin/ps >I was not very successful in doing so with /usr/ucb/ps. But then again, may >be I haven't let the job run long enough. >Dave This is also the case on Solaris 2.3 and 2.4. /usr/bin/ps is easily compromised, while /usr/ucb/ps is not. I ran the job all night on a machine running Solaris2.3, using /usr/ucb/ps, without success. However, doing a truss on both /usr/bin/ps and /usr/ucb/ps reveals what looks to me like identical procedures for dealing with the /tmp/ps* files: partial output from truss /usr/bin/ps (after /tmp/ps_data removed): getpid() = 26224 [26223] access("/tmp/ps.a006Pk", 0) Err#2 ENOENT open("/tmp/ps.a006Pk", O_WRONLY|O_CREAT|O_EXCL, 0664) = 3 chown("/tmp/ps.a006Pk", 0, 3) = 0 write(3, "\0\001 s", 4) = 4 write(3, " p t s / 0\0\0\0\0\0\0\0".., 7420) = 7420 close(3) = 0 rename("/tmp/ps.a006Pk", "/tmp/ps_data") = 0 Partial output from truss /usr/ucb/ps (after /tmp/ups_data removed): getpid() = 26089 [26088] access("/tmp/ps.a006Nd", 0) Err#2 ENOENT open("/tmp/ps.a006Nd", O_WRONLY|O_CREAT|O_EXCL, 0664) = 4 chown("/tmp/ps.a006Nd", 0, 3) = 0 write(4, "\0\001 s", 4) = 4 write(4, " p t s / 0\0\0\0\0\0\0\0".., 7420) = 7420 write(4, "\0\0 $FC", 4) = 4 write(4, " P R _ S I Z E\0\0\0\0\0".., 189360) = 189360 write(4, "\0\0\004F006D998F0\t l10".., 40) = 40 close(4) = 0 rename("/tmp/ps.a006Nd", "/tmp/ups_data") = 0 My question is: Why doesn't the psrace program work on /usr/ucb/ps ? Arve Kjoelen, System Administrator, Electrical Engineering Dept., Southern Illinois University at Edwardsville, 618-692-2524 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzAvqdwAAAEEAKRdBFn7O/h+wz3tOQwHWvaFKS6gi+UezzCXli/QnuCrJcUE agvlVVZ/PzKG5i23VdbghyHsVElvKzRW/D1pYor6xSluCftXzSxbCuiEIe2SXUsH 65AqFN688upXzRKHcq3bU/eKB7xUOGqCDot8AzModnwE+XWCgdqn8CTZCNGhAAUR tCJBcnZlIEtqb2VsZW4gPGFram9lbGVAZWUuc2l1ZS5lZHU+ =csFb -----END PGP PUBLIC KEY BLOCK-----