Subject: Re: Restricting kern.proc* access
To: None <email@example.com>
From: None <firstname.lastname@example.org>
Date: 10/17/2001 21:56:54
on Wed, Oct 17, 2001 at 08:40:31PM +0000, Christos Zoulas wrote:
> In article <20011017213051.A12053@nitric.net>, <email@example.com> wrote:
> >The patches introduce two new sysctls, kern.restrict_proc and
> >kern.restrict_proc_gid.
> >When kern.restrict_proc is set to 1, (it defaults to 0) only root
> >and those users in the group specified numerically by
> >kern.restrict_proc_gid may view the details of processes they do
> >not own. Normal users may only see their own processes.
> Is there a real reason to have 2 sysctl variables? You could use -1
> in the kern.restrict_proc_gid for the unrestricted case..
Yes, I considered that. But gid_t is, as far as I can see, unsigned.
So -1 could be a legitimate value. Would it be better to keep two
variables, but interpret one sysctl?
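
The sentinel question discussed in this thread, as an added example that is not part of the original messages or the patches: it compares a separate on/off switch with using -1 in the gid as "unrestricted". The names `ex_gid_t`, `ex_uid_t`, `struct cred`, `can_view_two_vars` and `can_view_sentinel` are hypothetical, and the group id is assumed to be a 32-bit unsigned type.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: group and user ids are 32-bit unsigned values. */
typedef uint32_t ex_gid_t;
typedef uint32_t ex_uid_t;

struct cred { ex_uid_t uid; const ex_gid_t *groups; size_t ngroups; };

static bool in_group(const struct cred *c, ex_gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Two variables: the switch (restrict_proc) is independent of the gid. */
bool can_view_two_vars(int restrict_proc, ex_gid_t gid,
                       const struct cred *c, ex_uid_t owner)
{
    if (!restrict_proc)
        return true;                     /* default: no restriction */
    if (c->uid == 0 || c->uid == owner)
        return true;                     /* root, or the process owner */
    return in_group(c, gid);             /* member of the exempt group */
}

/* One variable: gid "-1" doubles as the "unrestricted" marker. */
bool can_view_sentinel(ex_gid_t gid, const struct cred *c, ex_uid_t owner)
{
    if (gid == (ex_gid_t)-1)             /* -1 wraps to 4294967295 */
        return true;
    return can_view_two_vars(1, gid, c, owner);
}

int main(void)
{
    /* Constructed sample: uid 1000 (group 100) looks at a process of uid 2000,
     * while the exempt group is configured as gid 4294967295. */
    const ex_gid_t groups[] = { 100 };
    struct cred user = { 1000, groups, 1 };
    ex_gid_t exempt = (ex_gid_t)-1;

    printf("two variables: %d\n", can_view_two_vars(1, exempt, &user, 2000));
    printf("sentinel:      %d\n", can_view_sentinel(exempt, &user, 2000));
    return 0;
}
```

With the sentinel design, choosing gid 4294967295 as the exempt group cannot be told apart from switching the restriction off, so the non-member in the sample is allowed to view the other user's process.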