Subject: Re: kern.showallprocs implementation
To: Bill Studenmund <email@example.com>
From: Elad Efrat <elad@NetBSD.org>
Date: 08/29/2005 20:51:44
Bill Studenmund wrote:
> The one comment I have is in repsponse to the name. I suggest we go with
> something similar to what FreeBSD has:
> security.bsd.suser_enabled integer yes
> security.bsd.see_other_uids integer yes
> security.bsd.unprivileged_proc_debug integer yes
> security.bsd.unprivileged_read_msgbuf integer yes
> Obviously we don't have to have all of these nodes. But
> "security.bsd.see_other_uids" seems about as good as "kern.privacy.proc".
I'd like to have a ``security'' node; but that's about it. :)
> I think it would be appropriate to have one knob control both the process
> and socket ownership features in your (Elad's) code.
Why? You can have one big knob and multiple smaller knobs so you can
tune privacy the way you want it.
PGP Key ID: 0x666EB914