OpenBSD Journal

Security fix for procfs

Contributed by grey from the fixit dept.

Thanks to Jose Nazario for pointing out that Patch 006 for 3.5 and 020 for 3.4 are available.


005: SECURITY FIX: May 13, 2004
Check for integer overflow in procfs. Use of procfs is not recommended.
A source code patch exists which remedies this problem.

Update: the patch number is now correctly referenced on the corresponding errata pages.


  1. By Anonymous Coward

    "Use of procfs is not recommended."

    1. By Anonymous Coward

      Oops! Sorry, what I meant to say was, "Use of procfs is not recommended." Why is this?

      1. By tedu

        it doesn't provide much in the way of features, and has historically been a security hazard for every OS to implement one.

