From 5dbe9d95ba6c01dda4fc6674a04710414cd4ca33 Mon Sep 17 00:00:00 2001
From: phk <phk@FreeBSD.org>
Date: Fri, 26 Nov 1999 08:27:16 +0000
Subject: Add a sysctl to control if argv is disclosed to the world: 
 kern.ps_argsopen It defaults to 1 which means that all users can see all
 argvs in ps(1).

Reviewed by:	Warner
---
 sys/kern/kern_exec.c | 3 +++
 sys/kern/kern_proc.c | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

(limited to 'sys/kern')

diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 900da01..d78f562 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -77,6 +77,9 @@ u_long ps_arg_cache_limit = PAGE_SIZE / 16;
 SYSCTL_LONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW, 
     &ps_arg_cache_limit, "");
 
+int ps_argsopen = 1;
+SYSCTL_INT(_kern, OID_AUTO, ps_argsopen, CTLFLAG_RW, &ps_argsopen, 0, "");
+
 /*
  * Each of the items is a pointer to a `const struct execsw', hence the
  * double pointer here.
diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c
index e0f9ec1..356282e 100644
--- a/sys/kern/kern_proc.c
+++ b/sys/kern/kern_proc.c
@@ -633,7 +633,7 @@ sysctl_kern_proc_args SYSCTL_HANDLER_ARGS
 	if (!p)
 		return (0);
 
-	if (p_trespass(curproc, p))
+	if ((!ps_argsopen) && p_trespass(curproc, p))
 		return (0);
 
 	if (req->newptr && curproc != p)
-- 
cgit v1.1