Subject: Re: kern.showallprocs implementation
From: Allen Briggs
List: tech-security
Date: 08/29/2005 20:05:19

[ Suggesting followups to tech-security@ rather than tech-kern@ ]

On Mon, Aug 29, 2005 at 03:24:09PM -0700, Bill Studenmund wrote:
> Part of the reason I suggested using the FreeBSD names is that no names
> jump out at me as the best name to use. So in cases of indecision, go with
> prior art. :-)

If we don't have a policy, or enough of a policy, to suggest another
name, then it makes sense to use the existing name.  People do go
back and forth between the systems, and such differences can be a
real pain.  If there's a good reason for a difference, that's one
thing, but if we just don't like the name, that's not a good enough
reason for me.

Thinking about this a _little_ more, though, the desire is to
create, in some sense, a somewhat stricter user model--isolating
the user from some parts of the system more completely.  The purpose
isn't to allow users to see things they can't see now, but rather
the opposite.

Really, though, there are several things here that we might want
to protect the information on:

	* processes

	* network sockets

	* file descriptor tables

	* route tables

	* mount tables

	* ipf rules

	* interface lists

systrace could probably deal with some of these (where it's either
"yes or no" instead of "some of them").  In some ways, getting this
information from /kern with real filesystem semantics (and some
way of preserving mode settings across boots) for access would make
the most sense to me (/proc would make sense as a node under /kern
here, too).

Note that I'm not really proposing this as I haven't really thought
it out--it's just my reaction to the current discussion.


                  Use NetBSD!

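The idea floated in the mail, per-table visibility controlled by mode bits on /kern-style nodes rather than a single "show all processes" switch, can be modelled in a few lines of user-space code. The block below is an added illustration written for this archive page; it is not NetBSD code, not kern.showallprocs, and not anything Allen or Bill posted. The table names, the 0o600/0o644 modes, the uids and the entries are all constructed for the example.

```python
"""Toy model of per-table information hiding, in the spirit of exposing
kernel tables (processes, sockets, mount tables, ...) as nodes whose mode
bits say who may list entries owned by other users.

Constructed example; the tables, modes and uids below are made up.
"""
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    table: str   # which kernel table the entry comes from, e.g. "proc"
    owner: int   # uid that owns the entry (process owner, socket owner, ...)


# Constructed node modes, standing in for persistent mode settings on
# hypothetical /kern/<table> nodes.  0o600: only root sees other users'
# entries (the "hide everything" setting); 0o644: everyone may list the
# whole table (the traditional "show all" behaviour).
TABLE_MODE = {"proc": 0o600, "socket": 0o600, "mount": 0o644}
NODE_OWNER = 0   # uid owning the nodes (root)
NODE_GROUP = 0   # gid owning the nodes (wheel)
DEFAULT_MODE = 0o600   # unknown tables default to the restrictive setting


def node_readable(mode, node_uid, node_gid, uid, gid):
    """Classic owner/group/other read check on a node, root always passes."""
    if uid == 0:
        return True
    if uid == node_uid:
        return bool(mode & stat.S_IRUSR)
    if gid == node_gid:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def visible(entries, uid, gid=None):
    """Return the entries a user may see.

    A user always sees entries they own; entries owned by someone else are
    shown only if the table's node grants that user read access.  This is
    the "stricter user model": the switch can only hide, never reveal more.
    """
    gid = uid if gid is None else gid
    out = []
    for e in entries:
        mode = TABLE_MODE.get(e.table, DEFAULT_MODE)
        if e.owner == uid or node_readable(mode, NODE_OWNER, NODE_GROUP, uid, gid):
            out.append(e)
    return out


# Constructed sample tables: two users plus a root-owned mount entry.
SAMPLE = [
    Entry("proc", 1000),
    Entry("proc", 1001),
    Entry("socket", 1001),
    Entry("mount", 0),
]

if __name__ == "__main__":
    for who in (0, 1000, 1001):
        print(who, [(e.table, e.owner) for e in visible(SAMPLE, who)])
```

With the constructed modes, uid 1000 sees only its own process and the mount table, uid 1001 sees its own process and socket plus the mount table, and root sees everything; flipping "proc" to 0o644 restores the old behaviour for that one table without touching the others, which is the per-object granularity the mail is after.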