Subject: re: Getting rid of /dev/veriexec
To: Nathan J. Williams <>
From: matthew green <>
List: tech-kern
Date: 12/03/2005 10:18:20
   > Nathan J. Williams wrote:
   > > I object to those, too.
   > Why?
   The same reason; I don't like sysctl being used for things other than
   individual knobs. I'm OK with sysctl(8) as a UI, but I don't think
   that sysctl(3) does much but duplicate other infrastructure - namely,
   the filesystem.

while i agree that using sysctl for "control" interface is not
perhaps the right thing, using it to export data is something
that's been true for a long time and using it to remove set-id
bits from various apps has been a goal of the project for a
long time.  it's not just security, either - it means that ps(1)
works always now, even 32 bit ps(1) 64 bit kernel.

things like ps/trpt/trsp changes left the old kmem grovelling
code for crash dump analysis.