Subject: Re: NetBSD Security Advisory 2000-001
To: Daniel Carosone <dan@geek.com.au>
From: David Brownlee <abs@netbsd.org>
List: tech-security
Date: 02/16/2000 09:47:49
cc: Chris Jones <chris@cjones.org>, tech-security@netbsd.org
On Wed, 16 Feb 2000, Daniel Carosone wrote:
> Chris Jones writes:
>
> > > If this action cannot be taken, an immediate workaround is to disable
> > > the use of the proc filesystem. It is not mounted by default in NetBSD,
> > > and nothing in the NetBSD base tree depends on it. You can disable
> > > it by removing any procfs lines from /etc/fstab.
> >
> > What about user mounts of procfs filesystems?
>
> Specifically in the case of someone who cannot patch or upgrade just
> yet, are they still vulnerable via user mounts?
>
> It's a very good question, and one for which I'd like an authoritative
> answer so I can adjust the SA as needed. Any takers, please?

Compile a kernel without procfs?

We should probably make compiled GENERIC-procfs kernels available
to make it easier for those who are running GENERIC and do not
want to recompile (one per port... ouch :(

David/absolute