Subject: Re: Restricting kern.proc* access
To: None <tech-kern@netbsd.org>
From: None <xs@nitric.net>
List: tech-kern
Date: 10/17/2001 21:56:54
on Wed, Oct 17, 2001 at 08:40:31PM +0000, Christos Zoulas wrote:
> In article <20011017213051.A12053@nitric.net>,  <xs@nitric.net> wrote:
[...]
> >The patches introduce two new sysctls, kern.restrict_proc and
> >kern.restrict_proc_gid.
> >When kern.restrict_proc is set to 1, (it defaults to 0) only root
> >and those users in the group specified numerically by
> >kern.restrict_proc_gid may view the details of processes they do
> >not own. Normal users may only see their own processes.
[...]
> 
> Is there a real reason to have 2 sysctl variables? You could use -1 
> in the kern.restrict_proc_gid for the unrestricted case..

Yes, I considered that. But gid_t is, as far as I can see, unsigned.
So -1 could be a legitimate value. Would it be better to keep two 
variables, but interpret one sysctl?
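
The access rule discussed in this thread, modelled in userland C as an added example: it is not the patch under discussion and not NetBSD kernel code, and the struct and function names are hypothetical. It compares the two-variable form with a single variable that uses (gid_t)-1 as the "unrestricted" marker, for the case where the exempt group is the largest gid.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical model of a caller's credentials (not kernel structures). */
struct cred {
    uid_t uid;
    const gid_t *groups;
    size_t ngroups;
};

static bool in_group(const struct cred *c, gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Two-variable form: restrict_proc is the switch, restrict_gid the exempt group. */
bool can_view(int restrict_proc, gid_t restrict_gid,
              const struct cred *c, uid_t owner)
{
    if (!restrict_proc)
        return true;                      /* default: everyone sees everything */
    if (c->uid == 0 || c->uid == owner)
        return true;                      /* root, or the caller's own process */
    return in_group(c, restrict_gid);
}

/* One-variable form: (gid_t)-1 doubles as "unrestricted". */
bool can_view_sentinel(gid_t restrict_gid, const struct cred *c, uid_t owner)
{
    if (restrict_gid == (gid_t)-1)
        return true;                      /* also hit when the exempt gid IS the max gid */
    return can_view(1, restrict_gid, c, owner);
}

int main(void)
{
    const gid_t groups[] = { 100 };                 /* constructed sample user */
    const struct cred user = { 1000, groups, 1 };
    gid_t max_gid = (gid_t)-1;                      /* wraps to the largest gid */

    printf("two-variable, exempt gid = max: %d\n", can_view(1, max_gid, &user, 1001));
    printf("sentinel,     exempt gid = max: %d\n", can_view_sentinel(max_gid, &user, 1001));
    return 0;
}
```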