Re: /proc directory

• Previous message: michael Alexander: "RE: Load new drivers during install"
• In reply to: Matthew Seaman: "Re: /proc directory"
• Next in thread: Matthew Seaman: "Re: /proc directory"
• Reply: Matthew Seaman: "Re: /proc directory"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Wed, 17 Dec 2003 06:09:32 -0800
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>, flux <flux@hotbox.ru>, freebsd-questions@freebsd.org

On Wed, Dec 17, 2003 at 12:12:18PM +0000, Matthew Seaman wrote:

> Basically you mount it on your system, which lets a bunch of stuff
> work properly, and you then ignore it for ever more. Unless you're
> particularly concerned about security, in which case, you don't mount
> it and do without the stuff that needs it to run. Note that mounting
> the /proc directory is only a risk in the eyes of the most utterly
> paranoid administrators.

You're downplaying the security implications quite remarkably there:
procfs has been the source of numerous local root vulnerabilities over
the years, which should be a concern to anyone with untrusted local
users.

Kris

• application/pgp-signature attachment: stored

• Previous message: michael Alexander: "RE: Load new drivers during install"
• In reply to: Matthew Seaman: "Re: /proc directory"
• Next in thread: Matthew Seaman: "Re: /proc directory"
• Reply: Matthew Seaman: "Re: /proc directory"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: /proc directory ... >> particularly concerned about security, in which case, you don't mount ... > procfs has been the source of numerous local root vulnerabilities over ... (freebsd-questions) [Full-Disclosure] OpenBSD procfs ... Deprotect Security Advisory 20041405 ... Kernel memory disclosure via procfs. ... Deprotect is a Swedish based security company divided into four divisions; ... (Full-Disclosure) Re: [patch 7/8] allow unprivileged mounts ... mounting of this filesystem may not constitute a security problem. ... is there any realistic likelihood that any filesystem ... If it worked for mount --bind for any fs I could see uses of this. ... (Linux-Kernel) Re: REČ: FreeBSD isdangerous! ... > in my debian Linux partitions. ... The problem isn't specific to FreeBSD. ... partition from another fs is a security problem in your particular ... mount it, ... (freebsd-newbies) [UNIX] Linux Virtual Server/Secure Context Procfs Shared Permissions Flaw ... Get your security news from a reliable source. ... Linux Virtual Server "extends the Linux ... While auditing and experimenting with VServer procfs and vproc security ... and even the host system. ... (Securiteam)