> > this hides more kernel pointers in the kinfo proc struct and > > introduces a backdoor for the kmem group. also hoist the permission > > test up out of the loops. > > Why should we have a backdoor for the group kmem? There are several > programs installed setgid kmem and this could expose those pointers > though them.
Unless they are very very careful. That's the point of contention. I have mailed a diff to some people... it is a nasty situation, moving the trust level up a level.. Of course, currently there is no trust level at all.
