Subject: Re: kern.showallprocs implementation
To: Steven M. Bellovin <>
From: Elad Efrat <>
List: tech-kern
Date: 08/30/2005 19:16:23
Steven M. Bellovin wrote:

> Compatibilty is a good thing, in my opinion.  I suggest that we find 
> out why FreeBSD picked the name they did.

``The security.bsd sysctl hierarchy sets global properties of the BSD
security model. The following sysctls are defined:''

This is the name chosen for this node by FreeBSD.

If we have a closer look at the features, we can clearly see that they
(most of them) were definately not introduced in FreeBSD, nor any BSD:

see_other_uids, see_other_gids - 3rd-party patches for these were around
for years.

hardlink_check_uid, hardlink_check_gid - These were implemented by Solar
Designer (first in Openwall, now Owl) for almost a decade now.

suser_enabled - out of the question for us, at the moment.

conservative_signals, unprivileged_proc_debug,
unprivileged_read_msgbuf, unprivileged_get_quota- don't we want these
per-program (perhaps inside a per-program policy..?) or per-user?

Bottom line is that these features are not any ``BSD security model''
that was discussed; it's a collection of commonly requested features
as implemented in FreeBSD. I see no reason to keep any compatibility.


Elad Efrat
PGP Key ID: 0x666EB914