Subject: Re: NetBSD Security Advisory 2000-001
To: Daniel Carosone <dan@geek.com.au>
From: David Brownlee <abs@netbsd.org>
List: tech-security
Date: 02/16/2000 09:47:49
cc: Chris Jones <chris@cjones.org>, tech-security@netbsd.org
In-Reply-To: <14506.26233.23859.399366@passion.geek.com.au>
Message-ID: <Pine.NEB.4.21.0002160946370.10923-100000@oblivion.mono.org>

On Wed, 16 Feb 2000, Daniel Carosone wrote:

> Chris Jones writes:
> 
>  > > If this action cannot be taken, an immediate workaround is to disable
>  > > the use of the proc filesystem. It is not mounted by default in NetBSD,
>  > > and nothing in the NetBSD base tree depends on it. You can disable
>  > > it by removing any procfs lines from /etc/fstab.
>  > 
>  > What about user mounts of procfs filesystems?
> 
> Specifically in the case of someone who cannot patch or upgrade just
> yet, are they still vulnerable via user mounts?
> 
> It's a very good question, and one for which I'd like an authoritative 
> answer so I can adjust the SA as needed. Any takers, please?

	Compile a kernel without procfs?
	We should probably make compiled GENERIC-procfs kernels available
	to make it easier for those who are running GENERIC and do not
	want to recompile (one per port... ouch :(

		David/absolute
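
An added example (not part of the thread and not NetBSD's own tooling): a shell audit of the three places this exchange touches, namely procfs lines in /etc/fstab, procfs mounts that are live regardless of fstab, and a kernel config that still compiles procfs in. The `mount` output format, the `file-system PROCFS` config line, the function names and all sample data are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. All sample data is constructed.

# Print fstab lines whose type field (3rd) is procfs; comments are skipped.
fstab_procfs_entries() {
    awk '$1 !~ /^#/ && $3 == "procfs"' "$1"
}

# Print mount points of live procfs mounts from `mount` output on stdin.
# Assumes lines of the form "<from> on <dir> type <fstype> (...)".
mounted_procfs() {
    awk '$2 == "on" && $4 == "type" && $5 == "procfs" { print $3 }'
}

# Succeed if a kernel config file has an uncommented "file-system PROCFS".
config_has_procfs() {
    grep -Eq '^[[:space:]]*file-system[[:space:]]+PROCFS([[:space:]]|#|$)' "$1"
}

# audit FSTAB KERNEL_CONFIG < mount-output
# Returns 0 only if none of the three checks finds procfs.
audit() {
    rc=0
    e=$(fstab_procfs_entries "$1")
    [ -z "$e" ] || { echo "fstab entry: $e"; rc=1; }
    m=$(mounted_procfs)
    [ -z "$m" ] || { echo "mounted at: $m"; rc=1; }
    if config_has_procfs "$2"; then echo "kernel config enables PROCFS"; rc=1; fi
    return "$rc"
}

# Constructed sample: fstab already cleaned, but procfs is still compiled in
# and mounted at a path that fstab never mentioned.
make_sample() {
    printf '%s\n' '/dev/wd0a / ffs rw 1 1' \
        '#/proc /proc procfs rw 0 0' > "$1/fstab"
    printf '%s\n' '/dev/wd0a on / type ffs (local)' \
        'procfs on /home/u/proc type procfs (local)' > "$1/mount.out"
    printf '%s\n' 'file-system FFS' \
        'file-system PROCFS # /proc filesystem' > "$1/GENERIC"
}

d=$(mktemp -d)
make_sample "$d"
audit "$d/fstab" "$d/GENERIC" < "$d/mount.out" || echo "procfs still present"
rm -rf "$d"
```

On a real host, pipe the output of `mount` into `audit` and pass it /etc/fstab and the config file your kernel was built from.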