[EMAIL PROTECTED] (Herbert Poetzl) writes:

> did a quick, first impression classification on those
> entries, so it is a start, but nothing final, and YMMV
>
> /proc/net/ (C)

required at least for firewall- or VPN-setup vservers

> -/proc/net/rpc/ (D)

proof-of-concept code ;) there is probably no need to remove this entry,
but this directory seems to be good for testing the '-' prefix without
destroying too much functionality...

> -/proc/sys/debug/ (D)
> -/proc/sys/dev/ (D)

ditto

> /proc/kcore (D)
> /proc/kmsg (C)
> /proc/ksyms (C)

protected by CAP_SYS_ADMIN

> (B) ... not required, leaks host info

I do not think that this is a real problem; most parameters can be
determined in other ways also. So hiding the /proc entries would not
increase security.

> (C) ... critical, might pose a security risk
> (D) ... dangerous, might be used for DoS

Capability system should and must give enough protection; there are a
few entries (sysrq-triggers and scsi) which need the extra vproc
wrapper. But this should be the exception not the rule...

Enrico
_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
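An added example, not part of the original mail or of the vserver code: a small audit that can be run inside a guest context to see which of the quoted /proc entries are hidden and whether the context holds CAP_SYS_ADMIN. The function names and the state labels are assumptions made for this sketch; the path list and classes are the ones quoted above.

```python
import os

CAP_SYS_ADMIN = 21  # bit number from <linux/capability.h>

# Entries and classes as listed in the quoted mail (C = critical, D = dangerous).
ENTRIES = {
    "/proc/net/": "C", "/proc/net/rpc/": "D", "/proc/sys/debug/": "D",
    "/proc/sys/dev/": "D", "/proc/kcore": "D", "/proc/kmsg": "C",
    "/proc/ksyms": "C",
}

def effective_caps(status_text):
    """Return the CapEff bitmask from the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    raise ValueError("no CapEff line found")

def has_cap(mask, cap):
    """True if capability bit `cap` is set in the bitmask."""
    return bool(mask >> cap & 1)

def audit(entries=ENTRIES, root="/"):
    """Map each entry to (class, state) as seen from this context."""
    report = {}
    for path, cls in entries.items():
        full = os.path.join(root, path.lstrip("/"))
        if not os.path.lexists(full):
            state = "hidden"          # not present in this context's /proc
        elif os.access(full, os.R_OK):
            # Permission bits only: the kernel may still refuse open()
            # on a capability check, which is the protection argued for above.
            state = "mode-readable"
        else:
            state = "visible"         # listed, but mode bits deny reading
        report[path] = (cls, state)
    return report

if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        mask = effective_caps(fh.read())
    print("CAP_SYS_ADMIN held:", has_cap(mask, CAP_SYS_ADMIN))
    for path, (cls, state) in sorted(audit().items()):
        print(f"({cls}) {path:18} {state}")
```

The `root` parameter exists so the check can be pointed at a guest's mounted /proc from outside, or at a test directory.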