On Wed, Dec 17, 2003 at 06:09:32AM -0800, Kris Kennaway wrote:
> On Wed, Dec 17, 2003 at 12:12:18PM +0000, Matthew Seaman wrote:
> > Basically you mount it on your system, which lets a bunch of stuff
> > work properly, and you then ignore it for ever more.  Unless you're
> > particularly concerned about security, in which case, you don't mount
> > it and do without the stuff that needs it to run.  Note that mounting
> > the /proc directory is only a risk in the eyes of the most utterly
> > paranoid administrators.
> You're downplaying the security implications quite remarkably there:
> procfs has been the source of numerous local root vulnerabilities over
> the years, which should be a concern to anyone with untrusted local
> users.

Hmmm... On reflection, and after reading through the list of security
advisories, then yes.  It is entirely possible that there still exist
vulnerabilities in the /proc system and you shouldn't use it on a
multi-user system where you don't trust all of the users.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to