/proc directory
Matthew Seaman
m.seaman at infracaninophile.co.uk
Wed Dec 17 06:27:54 PST 2003
On Wed, Dec 17, 2003 at 06:09:32AM -0800, Kris Kennaway wrote:
> On Wed, Dec 17, 2003 at 12:12:18PM +0000, Matthew Seaman wrote:
>
> > Basically you mount it on your system, which lets a bunch of stuff
> > work properly, and you then ignore it for ever more. Unless you're
> > particularly concerned about security, in which case, you don't mount
> > it and do without the stuff that needs it to run. Note that mounting
> > the /proc directory is only a risk in the eyes of the most utterly
> > paranoid administrators.
>
> You're downplaying the security implications quite remarkably there:
> procfs has been the source of numerous local root vulnerabilities over
> the years, which should be a concern to anyone with untrusted local
> users.
Hmmm... On reflection, and after reading through the list of security
advisories, then yes. It is entirely possible that there still exist
vulnerabilities in the /proc system and you shouldn't use it on a
multi-user system where you don't trust all of the users.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20031217/9ab4dc8e/attachment.bin
More information about the freebsd-questions
mailing list