Date: Wed, 17 Dec 2003 14:26:56 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Kris Kennaway <kris@obsecurity.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: /proc directory
Message-ID: <20031217142656.GA8039@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20031217140932.GA36294@xor.obsecurity.org>
References: <1171291996.20031217144207@hotbox.ru> <20031217121218.GB6325@happy-idiot-talk.infracaninophile.co.uk> <20031217140932.GA36294@xor.obsecurity.org>

On Wed, Dec 17, 2003 at 06:09:32AM -0800, Kris Kennaway wrote:
> On Wed, Dec 17, 2003 at 12:12:18PM +0000, Matthew Seaman wrote:
>
> > Basically you mount it on your system, which lets a bunch of stuff
> > work properly, and you then ignore it for ever more. Unless you're
> > particularly concerned about security, in which case, you don't mount
> > it and do without the stuff that needs it to run. Note that mounting
> > the /proc directory is only a risk in the eyes of the most utterly
> > paranoid administrators.
>
> You're downplaying the security implications quite remarkably there:
> procfs has been the source of numerous local root vulnerabilities over
> the years, which should be a concern to anyone with untrusted local
> users.

Hmmm... On reflection, and after reading through the list of security
advisories, then yes. It is entirely possible that there still exist
vulnerabilities in the /proc system and you shouldn't use it on a
multi-user system where you don't trust all of the users.

Cheers,
Matthew

-- 
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
