Subject: Re: kern.showallprocs implementation
To: Elad Efrat <elad@NetBSD.org>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 08/29/2005 10:47:59
On Sat, Aug 27, 2005 at 12:07:54AM +0300, Elad Efrat wrote:
> Geert Hendrickx wrote:
>
> > Users may accept that it works differently in future 4.0 than it would in 3.0.
>
> I already discussed this with Rui. If you insist on having this feature
> for NetBSD 3.0, then either implement a ``kern.privacy'' node and add
> something like ``kern.privacy.proc'', or I'll do it myself, but *please*
> don't use something like ``kern.showallprocs''.
The one comment I have is in response to the name. I suggest we go with
something similar to what FreeBSD has:
security.bsd.suser_enabled integer yes
security.bsd.see_other_uids integer yes
security.bsd.unprivileged_proc_debug integer yes
security.bsd.unprivileged_read_msgbuf integer yes
Obviously we don't have to have all of these nodes. But
"security.bsd.see_other_uids" seems about as good as "kern.privacy.proc".
I think it would be appropriate to have one knob control both the process
and socket ownership features in your (Elad's) code.
Take care,
Bill