Ubuntu
emacs23 package

Rogue root 'emacs23' process

Asked by Davor Cubranic

Binary package hint: emacs23

On my KUbuntu Lucid desktop, I occasionally see an emacs23 process run by the root and taking up 30% CPU or more. Here is an example with top:

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2031 root 30 10 32032 15m 4904 R 33.2 0.8 0:31.23 emacs23

Where is this coming from? I am the only user logged into the machine and sshd is disabled. Could it be a rootkit of some sort?

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu emacs23 Edit question
Assignee:
No assignee Edit question
Solved by:
Davor Cubranic
Solved:
Last query:
Last reply:

This question was originally filed as bug #588808.

Revision history for this message
Anders Kaseorg (andersk) said : 		#1

Do you have the auctex package installed? You are probably just seeing /etc/cron.weekly/auctex (which runs every week in the background as root).

Revision history for this message
Anders Kaseorg (andersk) said : 		#2

[repeating as an “Information Request”]
Do you have the auctex package installed? You are probably just seeing /etc/cron.weekly/auctex (which runs every week in the background as root).

Revision history for this message
era (era) said : 		#3

The "where is it coming from" part can be investigated from a ps(1) listing. Each process also lists its parent process ID; you should expect to see this job turn up as a child (or grandchild) of cron if Anders Kaseorg's hypothesis is correct.

The output from pstree(1) is easier to grasp than a raw ps(1) listing if you are not too familiar with the concepts.

Revision history for this message
Davor Cubranic (cubranic) said : 		#4

I do have auctex installed, so that's probably what it is. Thank you very much for the answer.

I haven't noticed this situation recently, but when I do I will check that the process's parent really is cron. Thanks for the tip, it hadn't occurred to me to look for that.

It's odd that this process would put such a load on the CPU, I never see Emacs do that when I run it interactively, but that's another issue entirely.