Subject: kern/14282: patch against 1.5.1 to add kern.restrict_proc and kern.restrict_proc_gid
To: None <gnats-bugs@gnats.netbsd.org>
From: None <xs@nitric.net>
List: netbsd-bugs
Date: 10/18/2001 03:52:57
>Number:         14282
>Category:       kern
>Synopsis:       patch against 1.5.1 to add kern.restrict_proc and kern.restrict_proc_gid
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Thu Oct 18 03:54:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     xs
>Release:        1.5.1
>Organization:
>Environment:
NetBSD freeze 1.5.1 NetBSD 1.5.1 (freeze) #6: Wed Oct 17 02:09:43 BST 2001     root@freeze:/usr/src/sys/arch/i386/compile/freeze i386
>Description:
The patches introduce two new sysctls, kern.restrict_proc and
kern.restrict_proc_gid.
When kern.restrict_proc is set to 1 (it defaults to 0), only root
and those users in the group specified numerically by
kern.restrict_proc_gid may view the details of processes they do
not own. Normal users may only see their own processes.

I chose to use two sysctls, because if only kern.restrict_proc_gid
existed and -1 was used to disable the functionality, -1 could
theoretically be a valid gid (since gid is unsigned afaics).

I believe this patch is useful because it gives users privacy
from each other whilst at the same time not limiting the genuine
need for some users (say, system administration staff) to be able
to see everything that is going on without always becoming the
superuser. One example where this would be useful is on a shell
server. (depending on its policy)

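The following is an added, stand-alone C simulation of the visibility check the description implies; it is not the submitter's patch (that is only available from the URL given under >Fix:) and not NetBSD kernel code. The struct layouts, the helper names, the constructed process table, and the choice to match "ownership" on the viewer's real uid are all assumptions made for this program. It also demonstrates the sentinel problem that motivated using two sysctls: because gid_t is unsigned, a single knob that treats -1 as "disabled" cannot distinguish that state from the real group with the maximal gid.

```c
/*
 * Simulation of the kern.restrict_proc / kern.restrict_proc_gid policy
 * from PR kern/14282. Added example; not the submitter's patch. The
 * structures, helper names and process table below are assumptions.
 */
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

#define NGROUPS_SIM 16

/* Assumed in-kernel view of the two sysctls. */
struct restrict_policy {
	int   restrict_proc;      /* kern.restrict_proc: 0 = off (default), 1 = on */
	gid_t restrict_proc_gid;  /* kern.restrict_proc_gid: group that may see all */
};

/* Credentials of the user running ps(1), top(1), etc. (assumed layout). */
struct viewer_cred {
	uid_t uid;                  /* real uid; "ownership" is matched on it here */
	int   ngroups;
	gid_t groups[NGROUPS_SIM];  /* primary gid first, then supplementary gids */
};

static bool
cred_in_group(const struct viewer_cred *cr, gid_t g)
{
	for (int i = 0; i < cr->ngroups; i++)
		if (cr->groups[i] == g)
			return true;
	return false;
}

/*
 * The check the report describes: with the knob on, only root, the
 * owner, and members of restrict_proc_gid may see a process.
 */
bool
proc_visible(const struct restrict_policy *pol, const struct viewer_cred *cr,
    uid_t target_uid)
{
	if (pol->restrict_proc != 1)
		return true;            /* default: traditional behaviour */
	if (cr->uid == 0)
		return true;            /* root sees everything */
	if (cr->uid == target_uid)
		return true;            /* own process */
	return cred_in_group(cr, pol->restrict_proc_gid);
}

/*
 * The single-sysctl alternative the submitter rejected: one gid_t where
 * -1 means "disabled". gid_t is unsigned, so (gid_t)-1 is an ordinary
 * (maximal) gid, and a group with that gid could never be the admin group
 * because setting it would silently switch the restriction off.
 */
bool
proc_visible_single_knob(gid_t restrict_gid, const struct viewer_cred *cr,
    uid_t target_uid)
{
	if (restrict_gid == (gid_t)-1)
		return true;            /* "disabled" collides with a real gid */
	if (cr->uid == 0 || cr->uid == target_uid)
		return true;
	return cred_in_group(cr, restrict_gid);
}

/* How many entries of a process table (owner uids) a viewer would see. */
int
count_visible(const struct restrict_policy *pol, const struct viewer_cred *cr,
    const uid_t *owners, int nprocs)
{
	int n = 0;
	for (int i = 0; i < nprocs; i++)
		if (proc_visible(pol, cr, owners[i]))
			n++;
	return n;
}

int
main(void)
{
	/* Constructed process table: owner uids of six processes. */
	const uid_t owners[] = { 0, 0, 1000, 1000, 1001, 1002 };
	const int nprocs = sizeof owners / sizeof owners[0];
	struct restrict_policy pol = { 1, 100 };   /* on, admin group gid 100 */

	struct viewer_cred alice = { 1000, 1, { 1000 } };       /* plain user */
	struct viewer_cred staff = { 1001, 2, { 1001, 100 } };  /* member of 100 */

	printf("alice sees %d of %d\n", count_visible(&pol, &alice, owners, nprocs), nprocs);
	printf("staff sees %d of %d\n", count_visible(&pol, &staff, owners, nprocs), nprocs);
	return 0;
}
```

With the policy on and the admin group set to gid 100, the plain user sees only her own two processes while the staff member sees all six; setting restrict_proc back to 0 restores the traditional all-visible behaviour. In the two-sysctl design the admin group can be any gid, including (gid_t)-1, whereas the single-knob variant treats that value as "disabled".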
>How-To-Repeat:

>Fix:
The patches are against 1.5.1, as I have not yet got the -current
source anywhere. They are available here:

http://nitric.net/~xs/restrict_proc.tar.gz

>Release-Note:
>Audit-Trail:
>Unformatted: