Date:      Tue, 30 Nov 2004 19:05:07 -0800
From:      Kris Kennaway <kris@obsecurity.org>
To:        Rob <spamrefuse@yahoo.com>
Cc:        FreeBSD <freebsd-questions@freebsd.org>
Subject:   Re: proc filesystem
Message-ID:  <20041201030507.GA7780@xor.obsecurity.org>
In-Reply-To: <41AD1FF1.6030203@yahoo.com>
References:  <i7zrgv.nbrl0k@webmail.tuwien.ac.at> <20041130151055.GB45768@ei.bzerk.org> <41AD1FF1.6030203@yahoo.com>

On Wed, Dec 01, 2004 at 10:35:45AM +0900, Rob wrote:
> Ruben de Groot wrote:
> >
> >/proc is considered (and has demonstrated to be) a security
> >risk and has therefore been disabled by default in FreeBSD 5.x
>
> What security risks?
> Same with linproc (mounted as /compat/linux/proc)?

See any number of security advisories.  It's not that there are known
vulnerabilities remaining, it's that the very nature of what a procfs
is means that there are likely to be other vulnerabilities waiting to
be discovered.

Kris
