Simon Burge wrote:

> I wonder if this means that the correct behavior for
> "kill(<other-users-process-id>, sig)" with this knob disabled is to
> return ESRCH or EPERM?

Ideally, we could get away with ESRCH. You can always write a program
that will spin on trying to attach to a specific PID, so it doesn't
really matter. We should make sure that determining what PIDs are
running is as far as someone can get.

-e.

-- 
Elad Efrat
PGP Key ID: 0x666EB914