From owner-freebsd-questions@FreeBSD.ORG  Wed Dec 17 06:09:34 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 170CF16A4CE
	for <freebsd-questions@freebsd.org>;
	Wed, 17 Dec 2003 06:09:34 -0800 (PST)
Received: from obsecurity.dyndns.org
	(adsl-63-207-60-234.dsl.lsan03.pacbell.net [63.207.60.234])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A5D8443D4F
	for <freebsd-questions@freebsd.org>;
	Wed, 17 Dec 2003 06:09:32 -0800 (PST)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id 3E03766C4F; Wed, 17 Dec 2003 06:09:32 -0800 (PST)
Date: Wed, 17 Dec 2003 06:09:32 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>,
	flux <flux@hotbox.ru>, freebsd-questions@freebsd.org
Message-ID: <20031217140932.GA36294@xor.obsecurity.org>
References: <1171291996.20031217144207@hotbox.ru>
	<20031217121218.GB6325@happy-idiot-talk.infracaninophile.co.uk>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="9jxsPFA5p3P2qPhR"
Content-Disposition: inline
In-Reply-To: <20031217121218.GB6325@happy-idiot-talk.infracaninophile.co.uk>
User-Agent: Mutt/1.4.1i
Subject: Re: /proc directory
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Dec 2003 14:09:34 -0000


--9jxsPFA5p3P2qPhR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Wed, Dec 17, 2003 at 12:12:18PM +0000, Matthew Seaman wrote:

> Basically you mount it on your system, which lets a bunch of stuff
> work properly, and you then ignore it for ever more.  Unless you're
> particularly concerned about security, in which case, you don't mount
> it and do without the stuff that needs it to run.  Note that mounting
> the /proc directory is only a risk in the eyes of the most utterly
> paranoid administrators.

You're downplaying the security implications quite remarkably there:
procfs has been the source of numerous local root vulnerabilities over
the years, which should be a concern to anyone with untrusted local
users.

Kris

--9jxsPFA5p3P2qPhR
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (FreeBSD)

iD8DBQE/4GObWry0BWjoQKURAknyAJ9WJcFe49zFMIVzzPlsG/6PPiZYbwCfcJ+c
89rPOuB+T7Yoa43YWBhp9PQ=
=/E8v
-----END PGP SIGNATURE-----

--9jxsPFA5p3P2qPhR--