/proc directory

Matthew Seaman m.seaman at infracaninophile.co.uk
Wed Dec 17 06:27:54 PST 2003

On Wed, Dec 17, 2003 at 06:09:32AM -0800, Kris Kennaway wrote:
> On Wed, Dec 17, 2003 at 12:12:18PM +0000, Matthew Seaman wrote:
> > Basically you mount it on your system, which lets a bunch of stuff
> > work properly, and you then ignore it for ever more.  Unless you're
> > particularly concerned about security, in which case, you don't mount
> > it and do without the stuff that needs it to run.  Note that mounting
> > the /proc directory is only a risk in the eyes of the most utterly
> > paranoid administrators.
> You're downplaying the security implications quite remarkably there:
> procfs has been the source of numerous local root vulnerabilities over
> the years, which should be a concern to anyone with untrusted local
> users.

Hmmm... On reflection, and after reading through the list of security
advisories, then yes.  It is entirely possible that there still exist
vulnerabilities in the /proc system and you shouldn't use it on a
multi-user system where you don't trust all of the users.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20031217/9ab4dc8e/attachment.bin

More information about the freebsd-questions mailing list