Turn off setgid-kmem for /bin/ps, it's now quite functional without it.
ps no longer needs /dev/*mem or /proc. (It will still use some /proc
files if they are available for -e, but it's not required, so it'll
happily run in a jail or chroot).
The proc stats are now part of eproc (obtained via sysctl) and no longer
needs to beat up the u-page reading code and the problems with that.
This also has the side effect of disabling 'ps -e' for normal users
*EXCEPT* when looking at their own processes. ie: they can see
environments in processes with their uid, enforced by the ownership of
/proc/*/mem. Root can still see them all, as it can open all /proc/*/mem.
for users who are root, or in group wheel. This is useful on large timesharing
systems where a PS command can cause the system to grind to a halt. The
ability to get the information isn't diminished for those who really need the
additional detail (administrators.) Normal users won't see any difference unless
the processes are swapped out. The "really get it mode" is invoked by the
use of an additional flag in the command string "-f". New/old behavior is
selectable with a compile option.
PR: 5196
Submitted by: Matt Dillon <dillon@best.net>
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
that old `ps'es did. I'm not too thrilled about this, but I'm not
enough of an FS person to hack procfs so that /proc/xxx/mem is readable
by members of group `kmem'. If this is done, then `ps' can go back to
being set-gid kmem.