Date:      Sun, 28 Apr 2002 15:02:42 -0400 (EDT)
From:      Robert Watson <rwatson@FreeBSD.ORG>
To:        Richard Arends <richard@unixguru.nl>
Cc:        Kris Kennaway <kris@obsecurity.org>, current@FreeBSD.ORG
Subject:   Re: truss
Message-ID:  <Pine.NEB.3.96L.1020428145941.64976K-100000@fledge.watson.org>
In-Reply-To: <20020428204804.V44029-100000@mail.unixguru.nl>


On Sun, 28 Apr 2002, Richard Arends wrote:

> On Sun, 28 Apr 2002, Kris Kennaway wrote:
> 
> > procfs is not mounted by default.
> 
> New to current (one day old baby :-), so didn't know that. sorry()
> 
> Why isn't it mounted by default??

I believe DES has a largely rewritten version of truss that doesn't use
procfs.  When I disabled procfs in sysinstall, I did it thinking that had
already been committed, but it turned out not to have been.  Hopefully
he'll get it finished and committed sometime soon.  The rationale for
disabling procfs is that its functionality is largely redundant to
existing sysctls and debugging mechanisms, and that it has been, and will
likely continue to be, an important source of system security holes.  The
very nature of procfs (mapping one kernel abstraction into another with
different security properties) is part of what makes that likely.  In
fact, if it's not already on the "how to harden your system list",
unmounting procfs should be at the top of it :-).  I think truss is one of
the last stragglers that relies on it -- the other is 'ps -e', which
gropes through the memory of each process to dig out the environmental
variables.  This requires that ps both have substantial privilege, and
that procfs be present. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services
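
The hardening step suggested in the message above, as an added example that is not part of the original e-mail: a shell check that reports whether procfs is mounted now or configured to mount at boot. It assumes fstab(5)-format input such as FreeBSD's `mount -p` output; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report procfs entries in fstab(5)-format text.
# Input is read from stdin so the same parser serves the live mount
# table (assumed: FreeBSD `mount -p`) and the boot-time table (/etc/fstab).

# Print the mount point of every line whose filesystem type is procfs.
procfs_mounts() {
    awk '
        $1 ~ /^#/      { next }      # commented-out entry
        NF < 3         { next }      # blank or malformed line
        $3 == "procfs" { print $2 }  # field 3 is fstype, field 2 is mount point
    '
}

# audit_procfs LIVE_FILE FSTAB_FILE
# Prints one finding per line; returns 0 if procfs is in neither, 1 otherwise.
audit_procfs() {
    status=0
    for mp in $(procfs_mounts < "$1"); do
        echo "mounted now: $mp"
        status=1
    done
    for mp in $(procfs_mounts < "$2"); do
        echo "mounted at boot: $mp"
        status=1
    done
    return $status
}

# Constructed sample input (not taken from a real host).
SAMPLE_LIVE='/dev/ad0s1a / ufs rw 1 1
devfs /dev devfs rw 0 0
procfs /proc procfs rw 0 0'
SAMPLE_FSTAB='# Device Mountpoint FStype Options Dump Pass#
/dev/ad0s1a / ufs rw 1 1
#proc /proc procfs rw 0 0'

# On a real host (assumed usage):
#   mount -p > /tmp/live.mounts && audit_procfs /tmp/live.mounts /etc/fstab
```

A non-zero return means procfs is still reachable; checking both tables catches the case where it was unmounted by hand but will return at the next boot.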


