Re: /proc/self/exe unreadable by suid programs

Jamie Lokier (jamie@rebellion.co.uk)
Tue, 4 Jun 96 01:23 BST


>>>>> "Marek" == Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl> writes:

Marek> It's not that simple - how about ftpd? The user who is
Marek> logged in would be able to read the address space of the ftpd
Marek> process. Not good - for example, some data from /etc/shadow
Marek> might be left in stdio buffers. /proc/<pid>/fd would be
Marek> another security hole - the user would get access to any
Marek> files open by ftpd (/etc/shadow, wtmp etc.).

Ok, I hadn't thought of that. You're right.

Everyone who's listening: don't install the patch.
Especially Linus :-)

Marek> If you really need this change, please make it a /proc mount
Marek> option which is off by default (called "insecure" for
Marek> example). It is not a good idea, maybe except for single
Marek> user systems where security is usually not very important
Marek> anyway...

Whilst I would like to use it, I can't accept such a security problem.
For a start, my system is used by many users who I trust, but not to the
extent that they know exactly what they're doing with my Linux box.
It's very much a file server too. So I am concerned about security.
(Someone nearly deleted all the files on the network with `rm -rf' --
since then, `root' is available to fewer people even if it does get in
the way, ever so slightly, of the sense of trust between me and my
coworkers).

Besides, I want to use /proc/self/exe in a commercial SVGALIB program
distributed on CD. (Well really it's a DOS/Windows 95 program, but as
we have a fully working Linux version, I'll probably slip that on too).

Ta,
-- Jamie
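The hole Marek describes (the real user of a setuid process reading its address space or following /proc/<pid>/fd/N to files like /etc/shadow) is what later kernels close with the per-process "dumpable" flag: a setuid execve clears it, and while it is clear the process's /proc entries are owned by root and /proc/<pid>/mem, fd and exe are refused to anyone but root and the process itself. The program below is an added example, not code from this thread or from the patch under discussion. It assumes a Linux system with /proc mounted and prctl(PR_GET_DUMPABLE)/prctl(PR_SET_DUMPABLE) available; it opens /dev/null as a stand-in for a sensitive file, shows what a reader of the fd directory would learn from the symlink, and clears the flag explicitly, which is the step a daemon that later drops privileges with setuid() (rather than being setuid at exec time) has to do for itself.

```c
/* Added example, not from the original thread. Linux only: relies on
 * /proc and the PR_*_DUMPABLE prctl interface. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Resolve what /proc/self/fd/<fd> points at, i.e. what anyone allowed to
 * read our fd directory would learn about our open files.
 * Returns the target length, or -1 on error. */
ssize_t fd_target(int fd, char *buf, size_t len)
{
    char link[64];
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    ssize_t n = readlink(link, buf, len - 1);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return n;
}

/* Current dumpable flag: 0 means /proc/<pid>/{mem,fd,exe,...} are only
 * accessible to root and the process itself; 1 means the real uid of the
 * process may read them (the situation Marek warns about). */
int dumpable_state(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Clear the flag and return the value read back (0 on success, -1 if the
 * prctl itself failed). Side effect: core dumps are disabled too. */
int make_undumpable(void)
{
    if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) != 0)
        return -1;
    return dumpable_state();
}

/* True when real and effective credentials differ, i.e. we were exec'd
 * setuid/setgid and the kernel has already cleared the flag for us. */
int credentials_differ(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

int main(void)
{
    printf("setuid-style credentials: %s\n", credentials_differ() ? "yes" : "no");
    printf("dumpable before: %d\n", dumpable_state());

    /* A privilege-dropping daemon keeps dumpable=1 after setuid(), so it
     * must clear the flag itself before it holds anything secret. */
    if (make_undumpable() != 0) {
        perror("prctl(PR_SET_DUMPABLE)");
        return 1;
    }
    printf("dumpable after:  %d\n", dumpable_state());

    /* /dev/null stands in for a sensitive file such as /etc/shadow. */
    int fd = open("/dev/null", O_RDONLY);
    char target[256];
    if (fd >= 0 && fd_target(fd, target, sizeof target) >= 0)
        printf("fd %d -> %s (now only root and this process may follow it)\n",
               fd, target);
    if (fd >= 0)
        close(fd);
    return 0;
}
```

Running it as an ordinary user shows the flag going from 1 to 0; a second shell as the same user can `ls -l /proc/<pid>/fd` before the prctl but gets EACCES after it, which is exactly the access Marek wanted to keep away from the ftpd user.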