Subject: Re: kern.showallprocs implementation
To: Hubert Feyrer <firstname.lastname@example.org>
From: Bill Studenmund <email@example.com>
Date: 08/29/2005 10:52:07
Content-Type: text/plain; charset=us-ascii
On Mon, Aug 29, 2005 at 10:43:18AM -0700, Bill Studenmund wrote:
> On Sat, Aug 27, 2005 at 05:42:00PM +0200, Hubert Feyrer wrote:
> > On Sat, 27 Aug 2005, Elad Efrat wrote:
> > Last, a question: do I understand it correctly that those two sysctl kn=
> > allow/disallow retrieving process stats sysctls (e.g. for ps(1)) and=20
> > network stats sysvtls (e.g. for netstats(1)) for all/only the owner (an=
> > root) of a process?
> > How about not showing processes e.g. outside a chroot, like we already =
> > for mountpooints?
> > Mayve this whole "privacy" thing should be discussed through first...=
> > ("design"?)
> Can we please not?
Oh, one thing I forgot to mention. I think that either Elad or Rui's=20
changes will not make things worse. It's not like we're opening up a=20
security back door. We are adding an optional restriction.
I would feel differently about designing things more if I thought we were=
doing something that would open up a vulnerability in the mean time.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
-----END PGP SIGNATURE-----