Add a sysctl to control if argv is disclosed to the world:

kern.ps_argsopen It defaults to 1 which means that all users can see all argvs in ps(1). Reviewed by: Warner
author: phk <phk@FreeBSD.org> 1999-11-26 08:27:16 +0000
committer: phk <phk@FreeBSD.org> 1999-11-26 08:27:16 +0000
commit: 5dbe9d95ba6c01dda4fc6674a04710414cd4ca33 (patch)
tree: c9a18340e1e69709e2663404bbe98cdd1b78ed8a /sys/kern
parent: 42632fd0a6ccbef70e0dce9f1ca707c8b8a71135 (diff)
download: FreeBSD-src-5dbe9d95ba6c01dda4fc6674a04710414cd4ca33.zip
FreeBSD-src-5dbe9d95ba6c01dda4fc6674a04710414cd4ca33.tar.gz
2 files changed, 4 insertions, 1 deletions
diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 900da01..d78f562 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -77,6 +77,9 @@ u_long ps_arg_cache_limit = PAGE_SIZE / 16;
 SYSCTL_LONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW, 
     &ps_arg_cache_limit, "");
 
+int ps_argsopen = 1;
+SYSCTL_INT(_kern, OID_AUTO, ps_argsopen, CTLFLAG_RW, &ps_argsopen, 0, "");
+
 /*
  * Each of the items is a pointer to a `const struct execsw', hence the
  * double pointer here.
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index e0f9ec1..356282e 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -633,7 +633,7 @@ sysctl_kern_proc_args SYSCTL_HANDLER_ARGS
 	if (!p)
 		return (0);
 
-	if (p_trespass(curproc, p))
+	if ((!ps_argsopen) && p_trespass(curproc, p))
 		return (0);
 
 	if (req->newptr && curproc != p)
author	phk <phk@FreeBSD.org>	1999-11-26 08:27:16 +0000
committer	phk <phk@FreeBSD.org>	1999-11-26 08:27:16 +0000
commit	5dbe9d95ba6c01dda4fc6674a04710414cd4ca33 (patch)
tree	c9a18340e1e69709e2663404bbe98cdd1b78ed8a /sys/kern
parent	42632fd0a6ccbef70e0dce9f1ca707c8b8a71135 (diff)
download	FreeBSD-src-5dbe9d95ba6c01dda4fc6674a04710414cd4ca33.zip FreeBSD-src-5dbe9d95ba6c01dda4fc6674a04710414cd4ca33.tar.gz