Subject: Re: procfs & mount changes (was: ps /proc changes)
To: Greg A. Woods <firstname.lastname@example.org>
From: Andrew Brown <email@example.com>
Date: 03/29/1999 16:32:40
>> It is way too easy to mount things on top of /proc and thus
>> fool or confuse programs. I think checking the FS of open /proc
>> files is an important concept that should be put in the man
>> pages for mount_procfs and mount_kernfs. Is there any kind of
>> SECURITY section? I didn't see any in the mdoc.samples man page.
>That's why I suggest that procfs be changed so that the directories in
>/proc appear as owned by root, and *not* by the user. It probably
>should have been that way all along, but no doubt when procfs was first
>envisioned it was expected that mount(2) would always require superuser
how about yet another mount flag that signifies that no other mounts
may be made on top of the named file system? so after all mounts have
been done on a machine, a simple
mount -a -u -o nomount
would render all filesystems un-overlayable. so to speak.
(just random thought noise...)
|-----< "CODE WARRIOR" >-----|
firstname.lastname@example.org * "ah! i see you have the internet
email@example.com (Andrew Brown) that goes *ping*!"
firstname.lastname@example.org * "information is power -- share the wealth."