On Wed, Dec 17, 2003 at 12:12:18PM +0000, Matthew Seaman wrote: > Basically you mount it on your system, which lets a bunch of stuff > work properly, and you then ignore it for ever more. Unless you're > particularly concerned about security, in which case, you don't mount > it and do without the stuff that needs it to run. Note that mounting > the /proc directory is only a risk in the eyes of the most utterly > paranoid administrators.
You're downplaying the security implications quite remarkably there: procfs has been the source of numerous local root vulnerabilities over the years, which should be a concern to anyone with untrusted local users. Kris
Description: PGP signature