Hi,
The local root exploit-of-the-week would have been unable to run if our
users' systems had /proc mounted with nosuid and/or noexec.
It would be worthwhile considering making this a default. What are
people's thoughts?
Additional testing of this change would be appreciated (just ensure that
nothing breaks). To do it as a one-off:
# mount -o remount,nosuid,noexec /proc
To make it more permanent, /etc/fstab has:
proc /proc proc defaults 0 0
Change to:
proc /proc proc nosuid,noexec 0 0
Thanks,
Daniel
--
gentoo-dev@gentoo.org mailing list
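
Added example, not part of the original message: a shell check for the testing requested above, reporting whether the proc entry in an fstab-style file (/etc/fstab, or the live mount table in /proc/mounts) carries nosuid and noexec. The function names are made up for this example, and where an option and its opposite both appear the script assumes the later one wins.

```shell
#!/bin/sh
# Added example: check the /proc mount entry for nosuid and noexec.
# Works on fstab-style files, including /proc/mounts:
#   <device> <mountpoint> <fstype> <options> <dump> <pass>

# missing_proc_opts FILE
# Prints the hardening options the proc entry lacks ("nosuid", "noexec",
# or both), "absent" if FILE has no proc entry for /proc, and an empty
# line if both options are set. If several entries match, the last is used.
missing_proc_opts() {
    awk '
        /^[[:space:]]*#/ { next }              # skip commented-out entries
        $2 == "/proc" && $3 == "proc" {
            found = 1; nosuid = 0; noexec = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                # assumption: a later suid/exec undoes an earlier nosuid/noexec
                if      (opt[i] == "nosuid") nosuid = 1
                else if (opt[i] == "suid")   nosuid = 0
                else if (opt[i] == "noexec") noexec = 1
                else if (opt[i] == "exec")   noexec = 0
            }
        }
        END {
            if (!found) { print "absent"; exit }
            out = ""
            if (!nosuid) out = "nosuid"
            if (!noexec) out = (out == "" ? "noexec" : out " noexec")
            print out
        }
    ' "$1"
}

# check_proc_hardening FILE
# Prints a one-line verdict; returns 0 only if both options are present.
check_proc_hardening() {
    missing=$(missing_proc_opts "$1")
    case "$missing" in
        "")     echo "$1: /proc has nosuid,noexec"; return 0 ;;
        absent) echo "$1: no proc entry for /proc"; return 1 ;;
        *)      echo "$1: /proc is missing: $missing"; return 1 ;;
    esac
}

# Check every file named on the command line, e.g. /etc/fstab /proc/mounts
for f in "$@"; do
    check_proc_hardening "$f"
done
```

Checking both /etc/fstab and /proc/mounts shows whether the running system and the configuration used at next boot agree.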