Subject: Re: kern.showallprocs implementation
To: Bill Studenmund <>
From: Elad Efrat <>
List: tech-kern
Date: 08/29/2005 20:51:44
Bill Studenmund wrote:

> The one comment I have is in repsponse to the name. I suggest we go with 
> something similar to what FreeBSD has:
>      security.bsd.suser_enabled 	      integer	    yes
>      security.bsd.see_other_uids	      integer	    yes
>      security.bsd.unprivileged_proc_debug     integer	    yes
>      security.bsd.unprivileged_read_msgbuf    integer	    yes
> Obviously we don't have to have all of these nodes. But 
> "security.bsd.see_other_uids" seems about as good as "kern.privacy.proc".

I'd like to have a ``security'' node; but that's about it. :)

> I think it would be appropriate to have one knob control both the process 
> and socket ownership features in your (Elad's) code.

Why? You can have one big knob and multiple smaller knobs so you can
tune privacy the way you want it.


Elad Efrat
PGP Key ID: 0x666EB914