On Tue, 26 Oct 2004, D N wrote:

> Can you elaborate on this?
>
> Non-root users shouldn't be able to write to /proc anyway...

/proc provides an interface to the kernel that is often non-essential from
the point of view of what's required on the machine.

If you look back at the history of local exploits for FreeBSD you will
find that they are mostly centric on this due to the codebase for the
stock setuid stuff having been revisited over and over - there's really
not a lot left to play with in terms of abuse, bar screen (not stock).

We disable the mount on all new systems as standard practice, in fact I've
been doing it for a few years now.

There's really no argument against this bar an occasional debugging need,
which can be dealt with at runtime in any case.

Regards,
J.

--
Jess Kitchen ^ burstfire.net[works] _25492$
             | www.burstfire.net.uk
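
A way to check for the mount discussed above, as an added example that is not part of the original post: it reads fstab(5)-format text (for instance /etc/fstab on FreeBSD) and reports procfs entries that would be mounted at boot. The function names and the sample fstab are constructed for illustration; a `noauto` entry is shown as one way to keep the mount available for an occasional runtime debugging need.

```shell
#!/bin/sh
# Added example (not from the original post): find procfs entries in
# fstab(5)-format input on stdin, e.g.  procfs_entries < /etc/fstab
# FreeBSD's `mount -p` prints live mounts in the same format.

# Print "line:mountpoint:options" for every active (uncommented) procfs entry.
procfs_entries() {
    awk '$1 ~ /^#/ { next }
         NF >= 3 && $3 == "procfs" { printf "%d:%s:%s\n", NR, $2, $4 }'
}

# Keep only entries that are mounted at boot, i.e. without "noauto".
boot_mounted() {
    awk -F: '{ n = split($3, opt, ","); keep = 1
               for (i = 1; i <= n; i++) if (opt[i] == "noauto") keep = 0
               if (keep) print }'
}

# Constructed sample fstab, not taken from any real system.
SAMPLE_FSTAB='# Device    Mountpoint      FStype  Options    Dump Pass
/dev/ad0s1a /               ufs     rw         1    1
proc        /proc           procfs  rw         0    0
#proc       /old/proc       procfs  rw         0    0
proc        /jail/www/proc  procfs  rw,noauto  0    0'

# Entries in the sample that would still be mounted at boot.
audit_sample() {
    printf '%s\n' "$SAMPLE_FSTAB" | procfs_entries | boot_mounted
}

# Demo: report what the sample would mount at boot.
for entry in $(audit_sample); do
    echo "procfs mounted at boot: $entry"
done
```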

