[5136] in bugtraq

Re: procfs hole

daemon@ATHENA.MIT.EDU (Eivind Eklund)
Mon Aug 11 01:55:41 1997

Date: 	Sun, 10 Aug 1997 15:51:54 +0200
Reply-To: Eivind Eklund <perhaps@YES.NO>
From: Eivind Eklund <perhaps@YES.NO>
X-To:         Brian Mitchell <brian@firehouse.net>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  Brian Mitchell's message of Sun, 10 Aug 1997 05:37:40 -0400 (EDT)

>
> There is a major hole in procfs under FreeBSD 2.2.1 (2.1 is not affected,
> I have not tested 3.x but I believe it to be vulnerable as well) along
> with OpenBSD (not tested by me, but by someone else -- believe it was
> 2.1-RELEASE although obsd doesn't mount procfs by default like freebsd
> does).

Temporary fix: Disable the /proc filesystem.  Setting ro instead of rw in
/etc/fstab or chmod'ing on the mountpoint do _not_ work.

Eivind,
looking for a proper fix, but not expecting to get there before David.
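
An fstab audit for the temporary fix described in the message above, given as an added example that is not part of the original post. It assumes that disabling procfs means no active procfs line remains in the fstab file, and that the file uses the layout device, mountpoint, fstype, options, dump, pass; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag procfs entries in an fstab-format file.
# Assumed field layout: device mountpoint fstype options dump pass.

# Constructed sample input, not taken from a real host.
sample_fstab() {
cat <<'EOF'
# Device     Mountpoint    FStype  Options  Dump  Pass#
/dev/wd0a    /             ufs     rw       1     1
/dev/wd0s1b  none          swap    sw       0     0
proc         /proc         procfs  rw       0     0
proc         /chroot/proc  procfs  ro       0     0
#proc        /old/proc     procfs  rw       0     0
EOF
}

# audit_procfs FILE
# Prints one "EXPOSED <mountpoint> <options>" line per active procfs
# entry. Read-only entries are reported as well, because the message
# states that ro instead of rw does not work as a fix. Commented-out
# entries count as disabled. Exit status is 1 if anything was reported.
audit_procfs() {
    awk '
        $1 ~ /^#/ { next }                      # skip comment lines
        NF >= 4 && $3 == "procfs" {
            note = ($4 ~ /(^|,)ro(,|$)/) ? " (ro is not a mitigation)" : ""
            printf "EXPOSED %s %s%s\n", $2, $4, note
            found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}
```

Run as `audit_procfs /etc/fstab`; the check covers only what the fstab file would mount, so a procfs instance that is already mounted still has to be unmounted separately.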
