From 43a0f7ae490d91ac646660eda3a3865c6699b559 Mon Sep 17 00:00:00 2001 From: Matthias Schmidt Date: Fri, 4 Jan 2008 12:16:19 +0000 Subject: [PATCH] Move the following entries from kern to security - kern.ps_showallprocs - kern.ps_showallthreads - kern.unprivileged_read_msgbuf - kern.hardlink_check_uid - kern.hardlink_check_gid This is only a cosmetic change helping users to find the right sysctls more easily. And it could help if we want to add more security related function (eg MAC framework etc). While here add missing description for three of them. --- sys/kern/kern_mib.c | 4 +++- sys/kern/kern_proc.c | 12 +++++++----- sys/kern/subr_prf.c | 4 ++-- sys/kern/vfs_syscalls.c | 6 +++--- sys/sys/sysctl.h | 3 ++- 5 files changed, 17 insertions(+), 12 deletions(-) diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c index 7ba9ce39ba..f65425b092 100644 --- a/sys/kern/kern_mib.c +++ b/sys/kern/kern_mib.c @@ -38,7 +38,7 @@ * * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94 * $FreeBSD: src/sys/kern/kern_mib.c,v 1.29.2.4 2001/07/30 23:28:00 peter Exp $ - * $DragonFly: src/sys/kern/kern_mib.c,v 1.15 2007/01/19 07:23:42 dillon Exp $ + * $DragonFly: src/sys/kern/kern_mib.c,v 1.16 2008/01/04 12:16:19 matthias Exp $ */ #include @@ -77,6 +77,8 @@ SYSCTL_NODE(, CTL_LWKT, lwkt, CTLFLAG_RW, 0, SYSCTL_NODE(, OID_AUTO, compat, CTLFLAG_RW, 0, "Compatibility code"); +SYSCTL_NODE(, OID_AUTO, security, CTLFLAG_RW, 0, + "Security"); SYSCTL_STRING(_kern, OID_AUTO, ident, CTLFLAG_RD, kern_ident, 0, "Kernel identifier"); diff --git a/sys/kern/kern_proc.c b/sys/kern/kern_proc.c index 1aeb75cab1..1ea9e9faba 100644 --- a/sys/kern/kern_proc.c +++ b/sys/kern/kern_proc.c @@ -32,7 +32,7 @@ * * @(#)kern_proc.c 8.7 (Berkeley) 2/14/95 * $FreeBSD: src/sys/kern/kern_proc.c,v 1.63.2.9 2003/05/08 07:47:16 kbyanc Exp $ - * $DragonFly: src/sys/kern/kern_proc.c,v 1.40 2007/11/02 18:47:34 dillon Exp $ + * $DragonFly: src/sys/kern/kern_proc.c,v 1.41 2008/01/04 12:16:19 matthias Exp $ */ #include 
@@ -63,10 +63,12 @@ MALLOC_DEFINE(M_SUBPROC, "subproc", "Proc sub-structures"); int ps_showallprocs = 1; static int ps_showallthreads = 1; -SYSCTL_INT(_kern, OID_AUTO, ps_showallprocs, CTLFLAG_RW, - &ps_showallprocs, 0, ""); -SYSCTL_INT(_kern, OID_AUTO, ps_showallthreads, CTLFLAG_RW, - &ps_showallthreads, 0, ""); +SYSCTL_INT(_security, OID_AUTO, ps_showallprocs, CTLFLAG_RW, + &ps_showallprocs, 0, + "Unprivileged processes can see proccesses with different UID/GID"); +SYSCTL_INT(_security, OID_AUTO, ps_showallthreads, CTLFLAG_RW, + &ps_showallthreads, 0, + "Unprivileged processes can see kernel threads"); static void pgdelete(struct pgrp *); static void orphanpg(struct pgrp *pg); diff --git a/sys/kern/subr_prf.c b/sys/kern/subr_prf.c index 9b0eae9d6d..de4617ce81 100644 --- a/sys/kern/subr_prf.c +++ b/sys/kern/subr_prf.c @@ -37,7 +37,7 @@ * * @(#)subr_prf.c 8.3 (Berkeley) 1/21/94 * $FreeBSD: src/sys/kern/subr_prf.c,v 1.61.2.5 2002/08/31 18:22:08 dwmalone Exp $ - * $DragonFly: src/sys/kern/subr_prf.c,v 1.19 2007/12/08 20:08:53 dillon Exp $ + * $DragonFly: src/sys/kern/subr_prf.c,v 1.20 2008/01/04 12:16:19 matthias Exp $ */ #include "opt_ddb.h" @@ -109,7 +109,7 @@ SYSCTL_INT(_kern, OID_AUTO, log_console_output, CTLFLAG_RW, &log_console_output, 0, ""); static int unprivileged_read_msgbuf = 1; -SYSCTL_INT(_kern, OID_AUTO, unprivileged_read_msgbuf, CTLFLAG_RW, +SYSCTL_INT(_security, OID_AUTO, unprivileged_read_msgbuf, CTLFLAG_RW, &unprivileged_read_msgbuf, 0, "Unprivileged processes may read the kernel message buffer"); diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c index 6b40b0fa14..b6ea0af364 100644 --- a/sys/kern/vfs_syscalls.c +++ b/sys/kern/vfs_syscalls.c 
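Review bot: In sys/kern/kern_proc.c the two `SYSCTL_INT(_security, ...)` registrations replace the `_kern` ones outright, so `kern.ps_showallprocs` and `kern.ps_showallthreads` stop existing as names; the same holds for `unprivileged_read_msgbuf` in subr_prf.c and `hardlink_check_uid`/`hardlink_check_gid` in vfs_syscalls.c. Both variables default to 1 here, so a host that restricted them under the old names in a boot-time sysctl configuration would presumably fall back to the permissive default after upgrading, with at most an unknown-OID message. Consider keeping the old `_kern` entries for a release as deprecated aliases bound to the same variables, or calling the rename out in the upgrade notes. The new description string also has a typo and should read `"Unprivileged processes can see processes with different UID/GID"`.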
@@ -37,7 +37,7 @@ * * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94 * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.151.2.18 2003/04/04 20:35:58 tegge Exp $ - * $DragonFly: src/sys/kern/vfs_syscalls.c,v 1.123 2007/11/20 18:35:46 dillon Exp $ + * $DragonFly: src/sys/kern/vfs_syscalls.c,v 1.124 2008/01/04 12:16:19 matthias Exp $ */ #include @@ -1767,12 +1767,12 @@ sys_mkfifo(struct mkfifo_args *uap) } static int hardlink_check_uid = 0; -SYSCTL_INT(_kern, OID_AUTO, hardlink_check_uid, CTLFLAG_RW, +SYSCTL_INT(_security, OID_AUTO, hardlink_check_uid, CTLFLAG_RW, &hardlink_check_uid, 0, "Unprivileged processes cannot create hard links to files owned by other " "users"); static int hardlink_check_gid = 0; -SYSCTL_INT(_kern, OID_AUTO, hardlink_check_gid, CTLFLAG_RW, +SYSCTL_INT(_security, OID_AUTO, hardlink_check_gid, CTLFLAG_RW, &hardlink_check_gid, 0, "Unprivileged processes cannot create hard links to files owned by other " "groups"); diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h index b746e1ab96..2ccf8defff 100644 --- a/sys/sys/sysctl.h +++ b/sys/sys/sysctl.h @@ -35,7 +35,7 @@ * * @(#)sysctl.h 8.1 (Berkeley) 6/2/93 * $FreeBSD: src/sys/sys/sysctl.h,v 1.81.2.10 2003/05/01 22:48:09 trhodes Exp $ - * $DragonFly: src/sys/sys/sysctl.h,v 1.25 2007/10/02 12:57:01 hasso Exp $ + * $DragonFly: src/sys/sys/sysctl.h,v 1.26 2008/01/04 12:16:19 matthias Exp $ */ #ifndef _SYS_SYSCTL_H_ @@ -606,6 +606,7 @@ SYSCTL_DECL(_machdep); SYSCTL_DECL(_user); SYSCTL_DECL(_compat); SYSCTL_DECL(_lwkt); +SYSCTL_DECL(_security); /* * Common second-level oids. -- 2.41.0
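Review bot: In sys/kern/vfs_syscalls.c the `hardlink_check_uid` and `hardlink_check_gid` knobs now sit in the same `security` node as `ps_showallprocs` and `unprivileged_read_msgbuf`, but their polarity is opposite. Judging by the description strings and defaults, 1 enables a restriction here (default 0), while for the other three 1 grants access (default 1). An administrator who sets every `security.*` value to 0 would tighten process and message-buffer visibility but leave the hard-link ownership checks off. I would state the polarity in the descriptions, e.g. `"Unprivileged processes cannot create hard links to files owned by other users (1 = enforce)"`, and add a comment above each definition such as `/* 0 = no ownership check (default); non-zero = enforce */`. The code that reads these variables is outside the hunk, so the exact semantics should be confirmed there.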