Re: As 2.0 looms

Ian Jackson (ian@chiark.chu.cam.ac.uk)
Tue, 30 Apr 96 22:08 BST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrew C. Esh: "Re: Whee, Greased HedgeHog on Steroids, take 2"
Previous message: Thomas Quinot: "Re: Things to consider before 2.0.0"

Marek Michalkiewicz writes ("Re: As 2.0 looms"):
...
> - /proc is still insecure :-(. You can open /proc/<pid>/mem and
> hold the file descriptor, then have the target process exec some
> setuid/setgid/unreadable program and read its memory at will.
> Not good for things like ssh - the secret host key is there...

Oh, ****, has this _still_ not been fixed ?

If I revamp my /proc-paranoia patch for 1.3.x, will it get accepted,
or should I not bother ?

Ian.

Next message: Andrew C. Esh: "Re: Whee, Greased HedgeHog on Steroids, take 2"
Previous message: Thomas Quinot: "Re: Things to consider before 2.0.0"