by redmail.netbsd.org with SMTP; 15 Feb 2000 22:56:43 -0000
	by gnyf.wheel.dk (8.9.1/8.9.1) id XAA18899;
	Tue, 15 Feb 2000 23:56:39 +0100 (CET)
Date: Tue, 15 Feb 2000 23:56:39 +0100
From: "Soren S. Jorvang" <soren@wheel.dk>
To: Manuel Bouyer <bouyer@antioche.lip6.fr>
Cc: tech-security@netbsd.org
Subject: Re: NetBSD Security Advisory 2000-001
Message-ID: <20000215235639.B18825@gnyf.wheel.dk>
References: <14505.23693.773699.404104@passion.geek.com.au> <x6zot2w3h2.fsf@reddwarf.rightnowtech.com> <20000215230900.A6739@antioche.lip6.fr> <x6itzqw0di.fsf@reddwarf.rightnowtech.com> <20000215235049.A6841@antioche.lip6.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20000215235049.A6841@antioche.lip6.fr>; from bouyer@antioche.lip6.fr on Tue, Feb 15, 2000 at 11:50:49PM +0100

On Tue, Feb 15, 2000 at 11:50:49PM +0100, Manuel Bouyer wrote:
> > > Are regular users really allowed to mount procfs ???
> > 
> > Yes.  At least, I just did so on my 1.4R i386.
> 
> Well, I don't feel really confortable with this ... I'd prefer to have it
> restricted to root.

Very much seconded. No matter how hard we try, it will continue to
be a tricky issue.

Have a sysctl default it to be root-only by default seems a good idea.


-- 
Soren