Wojciech Puchar wrote:

> turn off viewing not owned processes for regular users?

Do you mean "only view processes owned by the user executing the command"?
This will have to be done in the kernel, in sys/kern/kern_sysctl.c at the
sysctl_doeproc function.

> possibility to turn off netstat, sysstat and similar commands will be nice
> too.
> 
> the best would be to prevent user from getting any system-wide information
> other than needed.

Some programs just read from kmem, others use sysctl() to do the work.
Having some global system of restricting access might be nice.  Feel
free to do an audit :-)

Simon.
--
Simon Burge                            <simonb@wasabisystems.com>
NetBSD Support and Service:         http://www.wasabisystems.com/