Package: initscripts
Version: 2.86.ds1-14.1
Severity: grave
File: /etc/init.d/mountkernfs.sh
Tags: security

Hi,

while playing around with the latest kernel exploit

  http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047907.html

I wondered why the kernel virtual file systems (/sys, /proc) have pretty
much every capability. Why do those filesystems need dev, exec, suid
capabilities? Unless there is a good reason please mount them
noexec,nodev,nosuid.

Kind regards,
Goswin

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-frosties-2
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages initscripts depends on:
ii  debianutils   2.16.2     Miscellaneous utilities specific t
ii  e2fsprogs     1.39-1     ext2 file system utilities and lib
ii  libc6         2.3.6-15   GNU C Library: Shared libraries
ii  lsb-base      3.1-10     Linux Standard Base 3.1 init scrip
ii  mount         2.12r-10   Tools for mounting and manipulatin

initscripts recommends no packages.

-- no debconf information
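
An added example, not part of the original report: a shell check that reads mount-table text in /proc/mounts format and lists every proc or sysfs mount that lacks nosuid, nodev or noexec, the options requested above. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit proc and sysfs mounts for the options requested in the report.
# Input is text in /proc/mounts format: device mountpoint fstype options dump pass.

REQUIRED_OPTS="nosuid nodev noexec"

# Print the required options that are absent from a comma-separated option string.
missing_opts() {
    opts=",$1,"                      # wrap in commas so only whole options match
    missing=""
    for want in $REQUIRED_OPTS; do
        case "$opts" in
            *",$want,"*) ;;          # option present
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    printf '%s' "$missing"
}

# Read mounts-format lines on stdin and print "<mountpoint> <fstype> missing=<opts>"
# for every proc or sysfs mount lacking a required option. Returns 1 if any is found.
audit_kernfs() {
    status=0
    while read -r _dev mnt fstype opts _rest; do
        case "$fstype" in
            proc|sysfs) ;;           # only the kernel virtual filesystems named above
            *) continue ;;
        esac
        m=$(missing_opts "$opts")
        if [ -n "$m" ]; then
            printf '%s %s missing=%s\n' "$mnt" "$fstype" "$m"
            status=1
        fi
    done
    return $status
}

# Constructed sample in /proc/mounts format (not taken from the report).
SAMPLE_MOUNTS='proc /proc proc rw 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
proc /srv/chroot/proc proc rw,nosuid 0 0
/dev/sda1 / ext3 rw 0 0'

# Stand-alone run on the sample; on a live system use: audit_kernfs < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | audit_kernfs || true
```

Because every proc and sysfs entry in the table is checked, instances mounted a second time (for example inside a chroot) are reported as well.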