The /proc vulnerability
Posted Jul 20, 2006 5:57 UTC (Thu) by sweikart
Parent article: The /proc vulnerability
> It should be noted that this workaround was the right thing to do for /proc
> all along; nothing good can come from allowing those bits to be used.
Luckily, I'd already mounted most of my filing systems nosuid. [And the writable filing systems in my chroot jails are mounted noexec,nodev]
But, your point brings up some obvious questions. Should /proc also be mounted noexec? And how should we mount /sys, /dev/shm, /dev/pts, /selinux?