From owner-freebsd-security  Tue Dec 19 12:45:39 2000
From owner-freebsd-security@FreeBSD.ORG  Tue Dec 19 12:45:38 2000
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from grok.example.net (a0g1355ly34tj.bc.hsia.telus.net [216.232.254.227])
	by hub.freebsd.org (Postfix) with ESMTP id AD38037B402
	for <freebsd-security@FreeBSD.ORG>; Tue, 19 Dec 2000 12:45:37 -0800 (PST)
Received: by grok.example.net (Postfix, from userid 1000)
	id 19C67213145; Tue, 19 Dec 2000 12:45:32 -0800 (PST)
Date: Tue, 19 Dec 2000 12:45:32 -0800
From: Steve Reid <sreid@sea-to-sky.net>
To: Mikhail Kruk <meshko@cs.brandeis.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:77.procfs
Message-ID: <20001219124531.F46370@grok.bc.hsia.telus.net>
References: <xzplmtcy5vg.fsf@flood.ping.uio.no> <Pine.LNX.4.30.0012191343530.19915-100000@daedalus.cs.brandeis.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <Pine.LNX.4.30.0012191343530.19915-100000@daedalus.cs.brandeis.edu>; from Mikhail Kruk on Tue, Dec 19, 2000 at 01:45:01PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Dec 19, 2000 at 01:45:01PM -0500, Mikhail Kruk wrote:
> see you previous e-mail :) I was talking about things you loose when you
> umount procfs

I unmounted /procfs late last night woke up this morning with a mailbox
full of error messages from Amavis.

McAfee/NAI "uvscan" appears to use "/proc/%d/cmdline" (strings(1) is
your friend). My usr/local/bin/uvscan was symlinked to the actual
binary installed elsewhere and when I unmounted procfs it could no
longer find "./messages.dat". So I replaced the symlink with a shell
script that does a cd+exec and all is well.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message