Is there any way to get the cwd of a process? We had the situation
recently where a perl script was called from an infiltrated Wordpress
installation, but we weren't able to determine which of the hundreds
of Wordpress blogs was the source. The ps listing showed:

www             63968  2.4  0.2 26092  5008  ??  Rs    5:36PM  93:10.67 ./mrf.pl (perl5.8.8)

The procfs entry was no help because it does not seem to provide a
cwd. The cmdline entry just showed "/usr/local/bin/perl ./mrf.pl".

We had to kill the process, and whoever was responsible did a good
job of hiding their tracks. But should this happen again (and we
expect it will), we'd like to be able to find the source.

Patrick
_______________________________________________
freebsd-questions@freebsd.org mailing list
