On Thu, 18 Feb 1999, Lyndon Nerenberg wrote:

> > > Basically, it is a patch into libkvm and w, that will allow a user (with
> > > the exception of the super user, naturally) to only view processes or
> > > information belonging to him/herself.
> 
> > The only problem with this is setuid binaries.  The processes may have
> > been started by me (top, etc..), but this wouldn't allow me to monitor
> > the process once it's started.
> 
> And, anything that can read /dev/[k]mem is free to bypass libkvm and just
> grovel around in the kernel memory space, anyway.

Not only that - you would need to disable other holes as well, which has
been done on purpose. Think of /procfs and sysctl kern.proc..something.

Andrzej Bialecki

--------------------   ++-------++  -------------------------------------
 <ab...@nask.pl>       ||PicoBSD||   FreeBSD in your pocket? Go and see:
 Research & Academic   |+-------+|       "Small & Embedded FreeBSD"
 Network in Poland     | |TT~~~| |    http://www.freebsd.org/~picobsd/
--------------------   ~-+==---+-+  -------------------------------------


