In article <20011017213051.A12053@nitric.net>,  <xs@nitric.net> wrote:
>
>Hi,
>I have had my first attempt at writing something relatively useful
>for the NetBSD kernel. I would really appreciate any comments, and
>also any advice as to whether I should do anything with this code
>other than use it myself, and if so, what.
>
>The patches introduce two new sysctls, kern.restrict_proc and
>kern.restrict_ proc_gid.
>When kern.restrict_proc is set to 1, (it defaults to 0) only root
>and those users in the group specified numerically by
>kern.restrict_proc_gid may view the details of processes they do
>not own. Normal users may only see their own processes.
>
>I believe this patch is useful because it gives users privacy
>from each other whilst at the same time not limiting the genuine
>need for some users (say, system administration staff) to be able
>to see everything that is going on without always becoming the
>superuser. One example where this would be useful is on a shell
>server. (depending on it's policy)
>
>The patches are against 1.5.1, as I have not yet got the -current
>source anywhere. They are available here:
>
>http://nitric.net/~xs/restrict_proc.tar.gz

Is there a real reason to have 2 sysctl variables? You could use -1 
in the kern.restrict_proc_gid for the the unrestricted case..

christos