Subject: Re: kern.showallprocs implementation
To: Juan RP <email@example.com>
From: Bill Studenmund <firstname.lastname@example.org>
Date: 08/30/2005 11:20:59
Content-Type: text/plain; charset=us-ascii
On Tue, Aug 30, 2005 at 12:33:34PM +0200, Juan RP wrote:
> On Mon, 29 Aug 2005 23:46:38 -0400 (EDT)
> der Mouse <mouse@Rodents.Montreal.QC.CA> wrote:
> > The only downside I see to it is user confusion, both intra-NetBSD
> > ("why two variables for the same thing?") and inter-BSD ("why are Net
> > and Free different here?").
> > I prefer positive names too, in isolation - but I think inter-BSD
> > compatibility is the stronger force here.
> I agree here: positive names and two nodes (showproc/showinet).
I don't care about positive vs. negative. Sounds like "show" is more
preferred, which is fine with me.
However why two knobs? I already can envision a third (see file
descriptors, a la fstat), and I expect someone else will find a fourth.
Please, please, please explain to me why we would want to set one of the
knobs and not others.
Yes, I see an artistic beauty to having fine-grained knobs. But we are
talking about security policy, and I think that we and our admins will
have a better operational experience if we have one knob. At least until
we find real-world examples of why folks want one knob enabled and others
All the models I can come up with about hiding either processes or sockets
(or file descriptors) really want them all hidden. When is it good for a
user to not be able to see processes or file descriptors yet still be able
to tell that some process has port tcp/80 open? :-)