--AkbCVLjbJ9qUtAXD
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Aug 29, 2005 at 10:43:18AM -0700, Bill Studenmund wrote:
> On Sat, Aug 27, 2005 at 05:42:00PM +0200, Hubert Feyrer wrote:
> > On Sat, 27 Aug 2005, Elad Efrat wrote:
> >=20
> > Last, a question: do I understand it correctly that those two sysctl kn=
obs=20
> > allow/disallow retrieving process stats sysctls (e.g. for ps(1)) and=20
> > network stats sysvtls (e.g. for netstats(1)) for all/only the owner (an=
d=20
> > root) of a process?
> >=20
> > How about not showing processes e.g. outside a chroot, like we already =
do=20
> > for mountpooints?
> >=20
> > Mayve this whole "privacy" thing should be discussed through first...=
=20
> > ("design"?)
>=20
> Can we please not?

Oh, one thing I forgot to mention. I think that either Elad or Rui's=20
changes will not make things worse. It's not like we're opening up a=20
security back door. We are adding an optional restriction.

I would feel differently about designing things more if I thought we were=
=20
doing something that would open up a vulnerability in the mean time.

Take care,

Bill

--AkbCVLjbJ9qUtAXD
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)

iD8DBQFDE0tHWz+3JHUci9cRAnHcAJ9NRFxhSPqwJ8F7NW+6ccT4yLbf4ACfXCNJ
atR7t0RNvElrGBxV6DH4uEs=
=QTZm
-----END PGP SIGNATURE-----

--AkbCVLjbJ9qUtAXD--