From owner-freebsd-security  Sun Aug 10 08:53:27 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id IAA26894
          for security-outgoing; Sun, 10 Aug 1997 08:53:27 -0700 (PDT)
Received: from netrail.net (netrail.net [205.215.10.3])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA26886
          for <freebsd-security@FreeBSD.ORG>; Sun, 10 Aug 1997 08:53:24 -0700 (PDT)
Received: from localhost (jonz@localhost)
	by netrail.net (8.8.6/8.8.6) with SMTP id LAA18484;
	Sun, 10 Aug 1997 11:52:45 GMT
Date: Sun, 10 Aug 1997 11:52:44 +0000 (GMT)
From: "Jonathan A. Zdziarski" <jonz@netrail.net>
To: Brian Mitchell <brian@firehouse.net>
cc: bugtraq@netspace.org, freebsd-security@FreeBSD.ORG
Subject: Re: procfs hole
In-Reply-To: <Pine.NEB.3.96.970810052824.3287A-100000@apocalypse.saturn.net>
Message-ID: <Pine.BSF.3.95q.970810115145.18416A-100000@netrail.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Would disabling bash and sh (and any other shells that allowed this) be a
good temporary solution?  I've noticed you have to have it set as your
default shell, so removing it from /etc/shells could prevent this.  It's
either that or disbale procfs (and I'm still not sure what the effects of
that would be)


-------------------------------------------------------------------------
Jonathan A. Zdziarski                                NetRail Incorporated
Server Engineering Manager                    230 Peachtree St. Suite 500
jonz@netrail.net                                        Atlanta, GA 30303
http://www.netrail.net                                    (888) - NETRAIL
-------------------------------------------------------------------------