No /proc or procfs by default in 5.1-RELEASE ... why ?
Kris Kennaway
kris at obsecurity.org
Thu Jul 17 20:15:27 PDT 2003
On Tue, Jul 15, 2003 at 11:42:49PM -0700, Josh Brooks wrote:
>
> Hello,
>
> As I am sure many have noticed, a default installation of 5.1-RELEASE will
> leave you with no procfs mounted at /proc, and no entry in /etc/fstab for
> a procfs.
>
> Is this by design ?
Yes. Historically speaking procfs is a huge security risk.
> Is it better to not run /proc on 5.x ?
If you run a multi-user system with untrusted users, yes.
> What are the consequences of running without a procfs on 5.x ?
You can't use truss(1) to monitor syscalls, but ktrace still works fine.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20030716/55fc8086/attachment.bin
More information about the freebsd-questions
mailing list