tech-kern: Re: kern.showallprocs implementation

Subject: Re: kern.showallprocs implementation
To: Bill Studenmund <wrstuden@netbsd.org>
From: Rui Paulo <rpaulo@NetBSD.org>
List: tech-kern
Date: 08/30/2005 03:18:41
--gBBFr7Ir9EOA20Yy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2005.08.29 19:03:29 +0000, Bill Studenmund wrote:
| On Tue, Aug 30, 2005 at 01:50:12AM +0100, Rui Paulo wrote:
| > On 2005.08.29 17:05:35 +0000, Bill Studenmund wrote:
| > | security.bsd.what? What name do you propose for the last component?
| >=20
| > security.bsd.hideproc
| > security.bsd.hideinet
|=20
| Please, use one knob. Or please explain to me a realistic situation where=
=20
| we want one yes and the other no.
|=20
| Really, please explain a likely case where we want one blocking and not=
=20
| the other.
|=20
| All the times I can think I'd like to deny a proc/user knowledge about=20
| other processes, I also want to deny that proc/user knowledge about open=
=20
| sockets (and file descriptors and all the other things we can think to=20
| extend this to).
|=20
| Say the admin blocks process visibility. If I can still see there's an
| open listen socket on tcp/80, what do you bet there's a web server on the
| box?  Likewise, say I block sockets visibility but not process. If I see=
=20
| "httpd" in ps, what do you bet something fun is at 80, 8000, or 8080? :-)
|=20
| So I think if we want blocking, we want all blocks on or all off.
|=20
| While it doesn't matter much with just two knobs, I already would love us=
=20
| to add fstat support. So that would be a third knob. Then we add it to=20
| another subsystem, and we have a fourth knob. And so on.
|=20
| So we will have all these knobs, and we want to flip them all the same wa=
y=20
| all the time. Thus it strikes me as error-prone to have a lot of switches=
=20
| that need to be flipped together. It seems much safer to make one big=20
| switch.
|=20
| I agree there is an intelectual purity to having separate knobs for each=
=20
| subsystem. However I think we'll be better off making one knob for now.
|=20
| Also, we are taking an incrimental step. Let's add the one knob, then we=
=20
| can add sub-knobs if we find applications that need them. We are, after=
=20
| all, going to evolve the interface. :-)

So, explain me why we have securelevel -1, 0, 1 and 2. :)
But anyway, we'll get nowhere if we keep discussing how many knobs will we
have... Just go for one knob and then let's see what happens.

		-- Rui Paulo

--gBBFr7Ir9EOA20Yy
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)

iD8DBQFDE8IAZPqyxs9FH4QRAgtVAJ9f6hR2ybrv+TO7cXKXwSYswhwARwCdHnYH
NhunC9A6Vj9ovzGGkUkMshw=
=JjUE
-----END PGP SIGNATURE-----

--gBBFr7Ir9EOA20Yy--