From owner-freebsd-security Mon Dec 18 18:30:51 2000 From owner-freebsd-security@FreeBSD.ORG Mon Dec 18 18:30:48 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from icarus.cs.brandeis.edu (icarus.cs.brandeis.edu [129.64.3.180]) by hub.freebsd.org (Postfix) with ESMTP id 60F4637B400; Mon, 18 Dec 2000 18:30:48 -0800 (PST) Received: from localhost (meshko@localhost) by icarus.cs.brandeis.edu (8.9.3/8.9.3) with ESMTP id VAA25556; Mon, 18 Dec 2000 21:30:47 -0500 Date: Mon, 18 Dec 2000 21:30:47 -0500 (EST) From: Mikhail Kruk To: Kris Kennaway Cc: Mike Tancsa , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:77.procfs In-Reply-To: <20001218181216.A2629@citusc.usc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: meshko@icarus.cs.brandeis.edu Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > >There have been other vulnerabilities in procfs in the past. There may > > >be others discovered in the future..it's what you might call "risky > > >code". > > > > Apart from not mounting it, does mounting it readonly make any difference ? > > proc /proc procfs r 0 0 > > instead of > > proc /proc procfs rw 0 0 > > Probably not. > > > What does one loose these days on 4.x not mounting it by default ? > > Not sure either. I've been running with my procfs unmounted ever since you mentioned problems with it (btw I think you should have done it right after it surfaced, but maybe I'm missing something). Everything seems to work just fine (including ps and who to the extent I'm using them). The only problem I've had so far is that Star Office core dumps. I wonder what are real disadvantages of not having procfs... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message