/proc directory
Kris Kennaway
kris at obsecurity.org
Wed Dec 17 06:09:34 PST 2003
On Wed, Dec 17, 2003 at 12:12:18PM +0000, Matthew Seaman wrote:
> Basically you mount it on your system, which lets a bunch of stuff
> work properly, and you then ignore it for ever more. Unless you're
> particularly concerned about security, in which case, you don't mount
> it and do without the stuff that needs it to run. Note that mounting
> the /proc directory is only a risk in the eyes of the most utterly
> paranoid administrators.
You're downplaying the security implications quite remarkably there:
procfs has been the source of numerous local root vulnerabilities over
the years, which should be a concern to anyone with untrusted local
users.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20031217/993631b8/attachment.bin
More information about the freebsd-questions
mailing list