Subject: Re: kern.showallprocs implementation
To: None <firstname.lastname@example.org>
From: Rui Paulo <rpaulo@NetBSD.org>
Date: 08/30/2005 02:02:13
Content-Type: text/plain; charset=us-ascii
On 2005.08.29 20:05:19 +0000, Allen Briggs wrote:
| [ Suggesting followups to tech-security@ rather than tech-kern@ ]
| On Mon, Aug 29, 2005 at 03:24:09PM -0700, Bill Studenmund wrote:
| > Part of the reason I suggested using the FreeBSD names is that no names=
| > jump out at me as the best name to use. So in cases of indecision, go w=
| > prior art. :-)
| If we don't have a policy, or enough of a policy, to suggest another
| name, then it makes sense to use the existing name. People do go
| back and forth between the systems, and such differences can be a
| real pain. If there's a good reason for a difference, that's one
| thing, but if we just don't like the name, that's not a good enough
| reason for me.
I don't think there is a good reason for a difference and it never was.
IIRC, there are several sysctl nodes that do the same in FreeBSD and
NetBSD and they have different names for no reason.
I don't have FreeBSD at hand to give examples, though.
| Thinking about this a _little_ more, though, the desire is to
| create, in some sense, a somewhat stricter user model--isolating
| the user from some parts of the system more completely. The purpose
| isn't to allow users to see things they can't see now, but rather
| the opposite.
| Really, though, there are several things here that we might want
| to protect the information on:
| * processes
| * network sockets
| * file descriptor tables
| * route tables
| * mount tables
| * ipf rules
| * interface lists
Yeah, we could extend it further.
-- Rui Paulo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)
-----END PGP SIGNATURE-----