From owner-freebsd-arch  Wed Oct 10 13:46:53 2001
Delivered-To: freebsd-arch@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 82B5437B405
	for <arch@FreeBSD.org>; Wed, 10 Oct 2001 13:46:49 -0700 (PDT)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.6/8.11.5) with SMTP id f9AKkmB60522;
	Wed, 10 Oct 2001 16:46:48 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Wed, 10 Oct 2001 16:46:48 -0400 (EDT)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: arch@FreeBSD.org
Cc: Dag-Erling Smorgrav <des@ofug.org>
Subject: Re: cvs commit: src/sys/kern kern_proc.c kern_prot.c uipc_socket.c uipc_usrreq.c src/sys/netinet raw_ip.c tcp_subr.c udp_usrreq.c
In-Reply-To: <20011010101053.A9313@dragon.nuxi.com>
Message-ID: <Pine.NEB.3.96L.1011010162119.58824C-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG


On Wed, 10 Oct 2001, David O'Brien wrote:

> On Wed, Oct 10, 2001 at 11:56:57AM -0400, Garrett Wollman wrote:
> > <<On 10 Oct 2001 17:53:16 +0200, Dag-Erling Smorgrav <des@ofug.org> said:
> > 
> > > Unless you can provide an argument showing that this is necessary to
> > > the correct operation of a FreeBSD system, I'll simply ignore your
> > > contribution to this discussion.
> > 
> > And I'll simply ignore your ``contribution'' as well, if that's how
> > you feel about it.
> > 
> > You asked ``would people mind a lot''.  I answered the question: yes,
> > people would mind a great deal.  The process table is *public
> > information*, and has always been so in the entire history of UNIX.
> > You are proposing a totally unacceptable POLA violation.
> 
> I agree.  It would be POLA.  Put something in /etc/rc* that sets it to
> `0' if a high SECURE_LEVEL is set, if you like.  Otherwise, leave Unix
> alone.

The proper solution may simply be to use /etc/sysctl.conf, and possibly to
teach sysinstall how to read/edit the file properly, as well as the
meanings of some popular values.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message