Crazy perl problem!

[SuperMatt]

Hello there,
This morning I came into work and the G4/400 Tower on my desk was emitting lots of noise from its hard drive, as if I was accessing it heavily. I opened up process viewer (which took forever as everything on the machine was super-slow) and it showed the process perl taking up 80% of the system memory and something like 30% of the processor. I logged out of the system and back in, which had no effect since the operation belonged to root. After a few minutes, everything had completely frozen up on the GUI side, so I rebooted with the little reboot button on the front of the case. After rebooting, there is no problem at all.
Also, whatever this problem was, it was eating my hard drive space too. Before rebooting, hard drive space was down to 900 MB, but after the reboot, was back at 3.5GB. Has anybody seen anything like this before? Did somebody hack into my system perhaps?

-An additional note: After the reboot, I ran software update, and the security update July 2002 and 7-18-02 had not been run yet. I am currently running them in case somebody had hacked in using one of those vulnerabilities.

Matthew

 

[btoneill]

without knowing what the perl script that was running was, no way to tell.

Brian

 

[dsnyder]

I believe OS X runs maintenance scripts periodically to rotate log files, etc. It was probably just this. If for some reason the scripts hadn't been run recently, the log files can get quite big, which could explain why you have so much free space now. I don't think the log files would be quite THAT big, but perhaps the combination of them and a bloated virtual memory file?

 

[baur]

If you want to look through what runs on a regular basis, take a look at /etc/daily, /etc/weekly and /etc/monthly - at a quick glance, I didn't see any perl looking stuff... but that doesn't mean much.
A lot of space can get filled up with virtual memory, but 3 GB sounds a bit much... I don't know if that gets cleaned up on a regular basis, but it is certainly gone after a reboot.

 

[dsnyder]

OK, I hadn't actually poked around to see what the maintenaince scripts were and what they did. I just remember finding file that were in the neighborhood of hundreds of MB in /var/log a few months ago. I suppose that is because I have a laptop, and it is usually turned off or asleep when the cron jobs are supposed to run.

So I suppose there is still a real possibility that you have been r00ted.

If this does happen again, using "ps auwx" in the Terminal should give you an idea of exactly which process is causing the problem, and I think it will show any command line arguments passed to perl so we can figure out what it is doing.