Subject: Re: procfs & mount changes (was: ps /proc changes)
To: Greg A. Woods <woods@most.weird.com>
From: Andrew Brown <atatat@atatdot.net>
List: tech-kern
Date: 03/29/1999 16:32:40
>>   It is way too easy to mount things on top of /proc and thus
>> fool or confuse programs.  I think checking the FS of open /proc
>> files is an important concept that should be put in the man
>> pages for mount_procfs and mount_kernfs.  Is there any kind of
>> SECURITY section?  I didn't see any in the mdoc.samples man page.  
>
>That's why I suggest that procfs be changed so that the directories in
>/proc appear as owned by root, and *not* by the user.  It probably
>should have been that way all along, but no doubt when procfs was first
>envisioned it was expected that mount(2) would always require superuser
>privileges.

how about yet another mount flag that signifies that no other mounts
may be made on top of the named file system?  so after all mounts have
been done on a machine, a simple

mount -a -u -o nomount

would render all filesystems un-overlayable.  so to speak.

(just random thought noise...)

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."
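
The check raised in the quoted text (verifying the file system behind an open /proc file) can be sketched as follows. This is an added example, not code from the thread or from NetBSD. It tests the already-open descriptor rather than the path, so a mount made on top of /proc after the open cannot change the answer. The helper names and the `PROC_STATUS` path macro are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/vfs.h>
#include <linux/magic.h>            /* PROC_SUPER_MAGIC */
#define PROC_STATUS "/proc/self/status"
#else
#include <sys/statvfs.h>            /* NetBSD: statvfs carries f_fstypename */
#define PROC_STATUS "/proc/curproc/status"
#endif

/* Returns 1 if fd is on procfs, 0 if on another file system, -1 on error. */
static int fd_is_on_procfs(int fd)
{
#if defined(__linux__)
    struct statfs sb;
    if (fstatfs(fd, &sb) == -1)
        return -1;
    return sb.f_type == PROC_SUPER_MAGIC;
#else
    struct statvfs sb;
    if (fstatvfs(fd, &sb) == -1)
        return -1;
    return strcmp(sb.f_fstypename, "procfs") == 0;
#endif
}

/* Open path read-only; hand back the fd only if procfs really backs it. */
static int open_proc_checked(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd == -1)
        return -1;
    if (fd_is_on_procfs(fd) != 1) { /* something else is mounted there */
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = open_proc_checked(PROC_STATUS);
    printf("%s: %s\n", PROC_STATUS, fd == -1 ? "refused" : "on procfs");
    if (fd != -1)
        close(fd);
    return 0;
}
```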