From: schultz@ime.usp.br
To: freebsd-questions@freebsd.org
Date: Fri, 12 Oct 2012 09:59:15 -0300
Subject: Sysctls and privacy
Message-ID: <20121012095915.470864k9735iy883@webmail.ime.usp.br>

In my system I use separate user accounts for running untrusted programs at the moment. While many will probably argue that jails are a superior solution, in my specific case it's the inverse.

I know FreeBSD is not ready by default to have multiple untrusted users in the system, at least from a security viewpoint. I have made quite a few changes to make the situation better. However, there is something bugging me.

Some sysctls apparently expose too much information about the system. Some examples: the number of context switches, the number of forks, the total used memory (at the byte level), the total used space for each file system (at the byte level) and even a graph of how my GEOM devices are organized! I know some programs like gkrellm need this information to function, but on the other hand, I feel pretty uncomfortable with the information presented by gkrellm being logged. It's at the very least a loss of privacy.

So, I would like to ask for a way to disable user access to all sysctls that are not needed by basic user programs (shell, terminal, etc.). Also, if possible, I would like to have a group of users to whom these sysctls are accessible as an exception (to run gkrellm).

Thanks for your time.