Date:      Wed, 17 Dec 2003 06:09:32 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Matthew Seaman <m.seaman@infracaninophile.co.uk>, flux <flux@hotbox.ru>, freebsd-questions@freebsd.org
Subject:   Re: /proc directory
Message-ID:  <20031217140932.GA36294@xor.obsecurity.org>
In-Reply-To: <20031217121218.GB6325@happy-idiot-talk.infracaninophile.co.uk>
References:  <1171291996.20031217144207@hotbox.ru> <20031217121218.GB6325@happy-idiot-talk.infracaninophile.co.uk>

On Wed, Dec 17, 2003 at 12:12:18PM +0000, Matthew Seaman wrote:

> Basically you mount it on your system, which lets a bunch of stuff
> work properly, and you then ignore it for ever more.  Unless you're
> particularly concerned about security, in which case, you don't mount
> it and do without the stuff that needs it to run.  Note that mounting
> the /proc directory is only a risk in the eyes of the most utterly
> paranoid administrators.

You're downplaying the security implications quite remarkably there:
procfs has been the source of numerous local root vulnerabilities over
the years, which should be a concern to anyone with untrusted local
users.

Kris



