Subject: Re: how to
To: Simon Burge <simonb@wasabisystems.com>
From: Wojciech Puchar <wojtek@tensor.3miasto.net>
List: netbsd-users
Date: 11/28/2003 21:25:59
>
> Wojciech Puchar wrote:
>
> > turn off viewing not owned processes for regular users?
>
> Do you mean "only view processes owned by the user executing the command"?
> This will have to be done in the kernel, in sys/kern/kern_sysctl.c at the
> sysctl_doeproc function.

thank you.

>
> > possibility to turn off netstat, sysstat and similar commands will be nice
> > too.
> >
> > the best would be to prevent user from getting any system-wide information
> > other than needed.
>
> Some programs just read from kmem, others use sysctl() to do the work.

this with kmem are solved by desuiding them - done.

> Having some global system of restricting access might be nice.  Feel
> free to do an audit :-)
>
will look at it..