On Wed, Dec 17, 2003 at 06:09:32AM -0800, Kris Kennaway wrote: > On Wed, Dec 17, 2003 at 12:12:18PM +0000, Matthew Seaman wrote: > > > Basically you mount it on your system, which lets a bunch of stuff > > work properly, and you then ignore it for ever more. Unless you're > > particularly concerned about security, in which case, you don't mount > > it and do without the stuff that needs it to run. Note that mounting > > the /proc directory is only a risk in the eyes of the most utterly > > paranoid administrators. > > You're downplaying the security implications quite remarkably there: > procfs has been the source of numerous local root vulnerabilities over > the years, which should be a concern to anyone with untrusted local > users.
Hmmm... On reflection, and after reading through the list of security advisories, then yes. It is entirely possible that there still exist vulnerabilities in the /proc system and you shouldn't use it on a multi-user system where you don't trust all of the users. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK
Description: PGP signature