Subject: Re: kern.showallprocs implementation
To: None <tech-security@netbsd.org>
From: Rui Paulo <rpaulo@NetBSD.org>
List: tech-security
Date: 08/30/2005 02:02:13

On 2005.08.29 20:05:19 +0000, Allen Briggs wrote:
| [ Suggesting followups to tech-security@ rather than tech-kern@ ]
|
| On Mon, Aug 29, 2005 at 03:24:09PM -0700, Bill Studenmund wrote:
| > Part of the reason I suggested using the FreeBSD names is that no names
| > jump out at me as the best name to use. So in cases of indecision, go with
| > prior art. :-)
|
| If we don't have a policy, or enough of a policy, to suggest another
| name, then it makes sense to use the existing name.  People do go
| back and forth between the systems, and such differences can be a
| real pain.  If there's a good reason for a difference, that's one
| thing, but if we just don't like the name, that's not a good enough
| reason for me.

I don't think there is a good reason for a difference and there never was.
IIRC, there are several sysctl nodes that do the same in FreeBSD and
NetBSD and they have different names for no reason.
I don't have FreeBSD at hand to give examples, though.

| Thinking about this a _little_ more, though, the desire is to
| create, in some sense, a somewhat stricter user model--isolating
| the user from some parts of the system more completely.  The purpose
| isn't to allow users to see things they can't see now, but rather
| the opposite.
|
| Really, though, there are several things here that we might want
| to protect the information on:
|
| 	* processes
|
| 	* network sockets
|
| 	* file descriptor tables
|
| 	* route tables
|
| 	* mount tables
|
| 	* ipf rules
|
| 	* interface lists

Yeah, we could extend it further.

		-- Rui Paulo
