On Sat, Aug 27, 2005 at 12:07:54AM +0300, Elad Efrat wrote:
> Geert Hendrickx wrote:
> > Users may accept that it works differently in future 4.0 than it would
> > in 3.0.
> I already discussed this with Rui. If you insist on having this feature
> for NetBSD 3.0, then either implement a ``kern.privacy'' node and add
> something like ``kern.privacy.proc'', or I'll do it myself, but *please*
> don't use something like ``kern.showallprocs''.

The one comment I have is in response to the name. I suggest we go with
something similar to what FreeBSD has:

     security.bsd.suser_enabled 	      integer	    yes
     security.bsd.see_other_uids	      integer	    yes
     security.bsd.unprivileged_proc_debug     integer	    yes
     security.bsd.unprivileged_read_msgbuf    integer	    yes

Obviously we don't have to have all of these nodes. But
"security.bsd.see_other_uids" seems about as good as "kern.privacy.proc".

I think it would be appropriate to have one knob control both the process
and socket ownership features in your (Elad's) code.

Take care,


