Date: Wed, 16 Jul 2003 16:33:04 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Josh Brooks <user@mail.econolodgetulsa.com> Cc: freebsd-questions@freebsd.org Subject: Re: No /proc or procfs by default in 5.1-RELEASE ... why ? Message-ID: <20030716233304.GA30013@rot13.obsecurity.org> In-Reply-To: <20030715233938.P36933-100000@mail.econolodgetulsa.com> References: <20030715233938.P36933-100000@mail.econolodgetulsa.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--y0ulUmNC+osPPQO6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jul 15, 2003 at 11:42:49PM -0700, Josh Brooks wrote: >=20 > Hello, >=20 > As I am sure many have noticed, a default installation of 5.1-RELEASE will > leave you with no procfs mounted at /proc, and no entry in /etc/fstab for > a procfs. >=20 > Is this by design ? Yes. Historically speaking procfs is a huge security risk. > Is it better to not run /proc on 5.x ? If you run a multi-user system with untrusted users, yes. > What are the consequences of running without a procfs on 5.x ? You can't use truss(1) to monitor syscalls, but ktrace still works fine. Kris --y0ulUmNC+osPPQO6 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/FeCwWry0BWjoQKURAtcAAKDr+kKdyxkrI5Hoed/o9DR8eVsYZwCdEZUv pm6PFUFAVnKqcXA9yPFH3/A= =UASR -----END PGP SIGNATURE----- --y0ulUmNC+osPPQO6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030716233304.GA30013>