Subject: Re: NetBSD Security Advisory 2000-001
To: Chris Jones <chris@cjones.org>
From: Daniel Carosone <dan@geek.com.au>
List: tech-security
Date: 02/16/2000 20:03:17
Date: Wed, 16 Feb 2000 20:03:17 +1100 (EST)
Cc: tech-security@netbsd.org
In-Reply-To: <x6zot2w3h2.fsf@reddwarf.rightnowtech.com>
References: <14505.23693.773699.404104@passion.geek.com.au>
	<x6zot2w3h2.fsf@reddwarf.rightnowtech.com>
Message-ID: <14506.26233.23859.399366@passion.geek.com.au>


Philosophical discussions aside, let's return for a moment to the
original question..

Chris Jones writes:

 > > If this action cannot be taken, an immediate workaround is to disable
 > > the use of the proc filesystem. It is not mounted by default in NetBSD,
 > > and nothing in the NetBSD base tree depends on it. You can disable
 > > it by removing any procfs lines from /etc/fstab.
 > 
 > What about user mounts of procfs filesystems?

Specifically in the case of someone who cannot patch or upgrade just
yet, are they still vulnerable via user mounts?

It's a very good question, and one for which I'd like an authoritative 
answer so I can adjust the SA as needed. Any takers, please?

--
Dan.