>hmm, on Fri, Sep 25, 2009 at 02:44:07PM -0600, Theo de Raadt said that
>> The major reason for moving away from procfs is that there are
>> numerous TOCTOU problems.
>
>out of curiosity, in principle, what is the difference between
>accessing a value through /procfs and the same value through sysctl,
>and/or kernel memory?  isn't procfs just a window to peek at those
>values?

no.

>also, don't the other systems care about these TOCTTOU problems?
>or they do it in a correct, secure way?

what happens if you read procfs files byte by byte, with sleeps
between?
