From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Date: Fri, 26 Jan 2007 09:59:17 +0300
To: freebsd-hackers@freebsd.org
Subject: Re: how to deny reading of several sysctls (for a set of uids, f.e.)

Andrew N. Below wrote:
> I also thought about passing a control variable from libc
> to the kernel, but it seems to be a bad idea.
>
> Any other ways?

As an idea - maybe you can implement this feature as a MAC module?
Look for the mac_check_system_sysctl function.

-- 
WBR, Andrey V. Elsukov