From owner-freebsd-security Sun Aug 10 07:29:02 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id HAA22973 for security-outgoing; Sun, 10 Aug 1997 07:29:02 -0700 (PDT) Received: from netrail.net (netrail.net [205.215.10.3]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA22961 for ; Sun, 10 Aug 1997 07:28:59 -0700 (PDT) Received: from localhost (jonz@localhost) by netrail.net (8.8.6/8.8.6) with SMTP id KAA13868; Sun, 10 Aug 1997 10:28:13 GMT Date: Sun, 10 Aug 1997 10:28:13 +0000 (GMT) From: "Jonathan A. Zdziarski" To: Eivind Eklund cc: Brian Mitchell , bugtraq@netspace.org, freebsd-security@FreeBSD.ORG Subject: Re: procfs hole In-Reply-To: <199708101351.PAA04930@bitbox.follo.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk What are the effects of doing this? ------------------------------------------------------------------------- Jonathan A. Zdziarski NetRail Incorporated Server Engineering Manager 230 Peachtree St. Suite 500 jonz@netrail.net Atlanta, GA 30303 http://www.netrail.net (888) - NETRAIL ------------------------------------------------------------------------- On Sun, 10 Aug 1997, Eivind Eklund wrote: :> :> There is a major hole in procfs under FreeBSD 2.2.1 (2.1 is not affected, :> I have not tested 3.x but I believe it to be vulnerable as well) along :> with OpenBSD (not tested by me, but by someone else -- believe it was :> 2.1-RELEASE although obsd doesnt mount procfs by default like freebsd :> does). : :Temporary fix: Disable the /proc filesystem. Setting ro instead of rw in :/etc/fstab or chmod'ing on the mountpoint do _not_ work. : :Eivind, :looking for a proper fix, but not expecting to get there before David. :