Date: Wed, 17 Dec 2003 06:09:32 -0800
From: Kris Kennaway
To: Matthew Seaman , flux , freebsd-questions@freebsd.org
Message-ID: <20031217140932.GA36294@xor.obsecurity.org>
In-Reply-To: <20031217121218.GB6325@happy-idiot-talk.infracaninophile.co.uk>
Subject: Re: /proc directory

On Wed, Dec 17, 2003 at 12:12:18PM +0000, Matthew Seaman wrote:

> Basically you mount it on your system, which lets a bunch of stuff
> work properly, and you then ignore it for ever more. Unless you're
> particularly concerned about security, in which case, you don't mount
> it and do without the stuff that needs it to run. Note that mounting
> the /proc directory is only a risk in the eyes of the most utterly
> paranoid administrators.

You're downplaying the security implications quite remarkably there: procfs has been the source of numerous local root vulnerabilities over the years, which should be a concern to anyone with untrusted local users.

Kris