Subject: Re: ps ax availability for non-root
To: Darren Reed <darrenr@reed.wattle.id.au>
From: None <wojtek@3miasto.net>
List: tech-kern
Date: 04/13/2001 13:02:42
> 
> I think this is a bad option for a default installation.
> Maybe if there is a netbsd-secure add-on, it would go in there.

I wrote about user_ps_ax defaulting to 1, which means standard behavior.

 
> In some email I received from wojtek@3miasto.net, sie wrote:
> > I would like to add an option to completely disable readability of other
> > users' process info for non-root (as in Linux with the secure-linux patch):
> > 
> > I have almost no experience in kernel programming, so is it a good idea to
> > change:
> > 
> > 	/* only root or same user change look at the environment */
> > 	if (type == KERN_PROC_ENV || type == KERN_PROC_NENV) {
> >    		if (up->p_ucred->cr_uid != 0) {
> > 			if (up->p_cred->p_ruid != p->p_cred->p_ruid ||
> > 			    up->p_cred->p_ruid != p->p_cred->p_svuid)
> > 				return (EPERM);
> > 		}
> > 
> > to:
> > 
> > 	/* only root or same user change look at the environment
> >            (user_ps_ax!=0) or anything (user_ps_ax==0) */
> > 	if (!user_ps_ax || type == KERN_PROC_ENV || type == KERN_PROC_NENV) {
> > 		if (up->p_ucred->cr_uid != 0) {
> > 			if (up->p_cred->p_ruid != p->p_cred->p_ruid ||
> > 			    up->p_cred->p_ruid != p->p_cred->p_svuid)
> > 				return (EPERM);
> > 		}
> > 
> > 
> > and then add lines for a sysctl interface (kern.user_ps_ax ?) for the
> > user_ps_ax variable, which defaults to 1 but could be changed to 0.
> > 
> 

-----------------------------------------------
UNIX *is* user friendly.
It is just a bit selective about his friends.
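
Added example, not part of the original message or of NetBSD: a user-space C model of the check proposed in the quoted mail, run over constructed credentials. `struct cred_model`, `procinfo_check` and the `REQ_*` values are hypothetical stand-ins for the kernel structures and `KERN_PROC_*` types quoted above; it shows that with `user_ps_ax` set to 0 the ownership test covers every request type, and that a set-uid target fails the saved-uid comparison even for the user who started it.

```c
/* User-space model of the check proposed above; not NetBSD kernel code.
 * struct cred_model and the REQ_* values are constructed for this example. */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

struct cred_model {
    uid_t euid;   /* stands in for p_ucred->cr_uid */
    uid_t ruid;   /* stands in for p_cred->p_ruid */
    uid_t svuid;  /* stands in for p_cred->p_svuid */
};

enum req_type { REQ_ARGV, REQ_NARGV, REQ_ENV, REQ_NENV };

/* Returns 0 if caller `up` may read the requested data of target `p`,
 * EPERM otherwise. user_ps_ax != 0 keeps the stock behaviour. */
static int
procinfo_check(const struct cred_model *up, const struct cred_model *p,
    enum req_type type, int user_ps_ax)
{
    int guarded = !user_ps_ax || type == REQ_ENV || type == REQ_NENV;

    if (!guarded)
        return 0;            /* argv of other users stays readable */
    if (up->euid == 0)
        return 0;            /* root bypasses the ownership test */
    /* Same test as in the mail: the caller's real uid must match both
     * the target's real uid and its saved uid. */
    if (up->ruid != p->ruid || up->ruid != p->svuid)
        return EPERM;
    return 0;
}

int
main(void)
{
    /* Constructed credentials. */
    struct cred_model root = {0, 0, 0}, alice = {1000, 1000, 1000};
    struct cred_model bob = {1001, 1001, 1001};
    struct cred_model alice_suid = {0, 1000, 0}; /* set-uid root, run by alice */

    printf("alice->bob argv, ax=1: %d\n", procinfo_check(&alice, &bob, REQ_ARGV, 1));
    printf("alice->bob argv, ax=0: %d\n", procinfo_check(&alice, &bob, REQ_ARGV, 0));
    printf("alice->suid argv, ax=0: %d\n", procinfo_check(&alice, &alice_suid, REQ_ARGV, 0));
    printf("root->bob env, ax=0: %d\n", procinfo_check(&root, &bob, REQ_ENV, 0));
    return 0;
}
```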