Date: Wed, 17 Dec 2003 06:09:32 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>, flux <flux@hotbox.ru>, freebsd-questions@freebsd.org
Subject: Re: /proc directory
Message-ID: <20031217140932.GA36294@xor.obsecurity.org>
In-Reply-To: <20031217121218.GB6325@happy-idiot-talk.infracaninophile.co.uk>
References: <1171291996.20031217144207@hotbox.ru> <20031217121218.GB6325@happy-idiot-talk.infracaninophile.co.uk>

On Wed, Dec 17, 2003 at 12:12:18PM +0000, Matthew Seaman wrote:
> Basically you mount it on your system, which lets a bunch of stuff
> work properly, and you then ignore it for ever more. Unless you're
> particularly concerned about security, in which case, you don't mount
> it and do without the stuff that needs it to run. Note that mounting
> the /proc directory is only a risk in the eyes of the most utterly
> paranoid administrators.

You're downplaying the security implications quite remarkably there:
procfs has been the source of numerous local root vulnerabilities over
the years, which should be a concern to anyone with untrusted local
users.

Kris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031217140932.GA36294>