Subject: ps ax availability for non-root
To: None <tech-kern@netbsd.org>
From: None <wojtek@3miasto.net>
List: tech-kern
Date: 04/13/2001 10:57:55
I would like to add an option to disable readability of process info of other
users completely for non-root (like in Linux with the secure-linux patch):

I have almost no experience in kernel programming, so is it a good idea to
change:

	/* only root or same user change look at the environment */
	if (type == KERN_PROC_ENV || type == KERN_PROC_NENV) {
		if (up->p_ucred->cr_uid != 0) {
			if (up->p_cred->p_ruid != p->p_cred->p_ruid ||
			    up->p_cred->p_ruid != p->p_cred->p_svuid)
				return (EPERM);
		}

to:

	/* only root or same user change look at the environment
	   (user_ps_ax!=0) or anything (user_ps_ax==0) */
	if (!user_ps_ax || type == KERN_PROC_ENV || type == KERN_PROC_NENV) {
		if (up->p_ucred->cr_uid != 0) {
			if (up->p_cred->p_ruid != p->p_cred->p_ruid ||
			    up->p_cred->p_ruid != p->p_cred->p_svuid)
				return (EPERM);
		}


and then lines for the sysctl interface (kern.user_ps_ax ?) for the user_ps_ax
variable, which defaults to 1 but could be changed to 0.
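
A userspace model of the check proposed in the message above, added here as an example and not code from the post or from NetBSD; `cred_model`, `req_type`, `proc_read_check` and the sample uids are assumptions made for illustration. It shows which reads the modified condition refuses, including a user's own setuid process, where the saved uid differs from the caller's real uid.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model: stands in for the kernel credential fields in the post. */
struct cred_model {
	unsigned euid;	/* models p_ucred->cr_uid */
	unsigned ruid;	/* models p_cred->p_ruid */
	unsigned svuid;	/* models p_cred->p_svuid */
};

/* REQ_ENV models KERN_PROC_ENV/KERN_PROC_NENV; REQ_ARGV any other type. */
enum req_type { REQ_ARGV, REQ_ENV };

/* Constructed sample credentials (uids are made up). */
static const struct cred_model root_sh = { 0, 0, 0 };
static const struct cred_model alice_sh = { 1000, 1000, 1000 };
static const struct cred_model bob_sh = { 1001, 1001, 1001 };
/* A setuid-root program started by alice: real uid hers, saved uid 0. */
static const struct cred_model alice_suid = { 0, 1000, 0 };

/* Same condition as the modified code: 0 = allowed, EPERM = refused. */
static int
proc_read_check(const struct cred_model *up, const struct cred_model *p,
    enum req_type type, int user_ps_ax)
{
	if (!user_ps_ax || type == REQ_ENV) {
		if (up->euid != 0) {
			if (up->ruid != p->ruid || up->ruid != p->svuid)
				return EPERM;
		}
	}
	return 0;
}

int
main(void)
{
	printf("alice->bob   argv knob=1: %d\n",
	    proc_read_check(&alice_sh, &bob_sh, REQ_ARGV, 1));
	printf("alice->bob   argv knob=0: %d\n",
	    proc_read_check(&alice_sh, &bob_sh, REQ_ARGV, 0));
	printf("alice->suid  argv knob=0: %d\n",
	    proc_read_check(&alice_sh, &alice_suid, REQ_ARGV, 0));
	printf("root->bob    env  knob=0: %d\n",
	    proc_read_check(&root_sh, &bob_sh, REQ_ENV, 0));
	return 0;
}
```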