On Sun, 28 Apr 2002, Robert Watson wrote:

> The rationale for disabling procfs is that its functionality is largely
> redundant to existing sysctls and debugging mechanisms, and that it has
> been, and will likely continue to be, an important source of system
> security holes.

Okay disable it :-)

> I think truss is one of the last stragglers that relies on it --
> the other is 'ps -e', which gropes through the memory of each process to
> dig out the environmental variables.  This requires that ps both have
> substantial privilege, and that procfs be present.

Can't we take the privileges away, so that an user only can see his own
procs and only root can see all??



An OS is like swiss cheese, the bigger it is, the more holes you get!

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to