> The _REAL_ solution is to have well-documented, portable, extensible APIs
> for the functions that currently require access to the kernel symbol table
> and /dev/kmem.  Perhaps stuff can be added to sysctl()... 

Every time you do this, someone will need something more than you
provide.  I guarantee it.

>Computing the load average is a commonplace operation.  Many programs want
>to do it to take different actions depending on how badly the system is loaded.
>I know of many inet servers that do this.  However:
> 
> - You probably spend more time reading the kernel symbol table than you'd
>   save by taking the action you'd take if the load was low.
> - You require access to /dev/kmem (suid root or sgid kmem) which is an
>   inherent security flaw that may develop into a hole.

you know that the load average is currently gotten through sysctl, right?

> Unless you are debugging a kernel, /dev/kmem should not even have to exist.

While that's a nice sentiment (that i can't really agree with, since i
_always_ am hacking in the kernel... 8-), i think it's problematic
because there's always "one more thing" that various programs will
want access to.



chris