Index: lib/libc/gen/sysctl.3
===================================================================
RCS file: /cvs/src/lib/libc/gen/sysctl.3,v
retrieving revision 1.246
diff -u -p -u -r1.246 sysctl.3
--- lib/libc/gen/sysctl.3 22 Dec 2014 03:33:18 -0000 1.246
+++ lib/libc/gen/sysctl.3 27 Jan 2015 13:33:09 -0000
@@ -466,6 +466,7 @@ information.
 .It Dv KERN_USERMOUNT Ta "integer" Ta "yes"
 .It Dv KERN_VERSION Ta "string" Ta "no"
 .It Dv KERN_WATCHDOG Ta "node" Ta "not applicable"
+.It Dv KERN_HIDEPROC Ta "integer" Ta "yes"
 .El
 .Bl -tag -width "123456"
 .It Dv KERN_ARGMAX
@@ -1071,6 +1072,9 @@ variable.
 .It Dv KERN_WATCHDOG_PERIOD
 The period of the watchdog timer in seconds.
 Set to 0 to disable the watchdog timer.
+.It Dv KERN_HIDEPROC
+If set to 1, the kernel will only list processes belonging to the user
+making the call, except if the user is root.
 .El
 .El
 .Ss CTL_MACHDEP
Index: sbin/sysctl/sysctl.8
===================================================================
RCS file: /cvs/src/sbin/sysctl/sysctl.8,v
retrieving revision 1.186
diff -u -p -u -r1.186 sysctl.8
--- sbin/sysctl/sysctl.8 12 Dec 2014 08:42:48 -0000 1.186
+++ sbin/sysctl/sysctl.8 27 Jan 2015 13:33:11 -0000
@@ -197,6 +197,7 @@ and a few require a kernel compiled with
 .It kern.maxlocksperuid Ta integer Ta yes
 .It kern.bufcachepercent Ta integer Ta yes
 .It kern.consdev Ta string Ta no
+.It kern.hideproc Ta integer Ta yes
 .It kern.global_ptrace Ta integer Ta yes
 .It vm.vmmeter Ta struct Ta no
 .It vm.loadavg Ta struct Ta no
Index: sys/kern/kern_sysctl.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_sysctl.c,v
retrieving revision 1.279
diff -u -p -u -r1.279 kern_sysctl.c
--- sys/kern/kern_sysctl.c 20 Jan 2015 19:43:21 -0000 1.279
+++ sys/kern/kern_sysctl.c 27 Jan 2015 13:33:11 -0000
@@ -245,6 +245,7 @@ int hostnamelen;
 char domainname[MAXHOSTNAMELEN];
 int domainnamelen;
 long hostid;
+int hideproc;
 char *disknames = NULL;
 struct diskstats *diskstats = NULL;
 #ifdef INSECURE
@@ -594,6 +595,8 @@ kern_sysctl(int *name, u_int namelen, vo
 		return sysctl_rdstruct(oldp, oldlenp, newp, &dev, sizeof(dev));
 	case KERN_NETLIVELOCKS:
 		return (sysctl_rdint(oldp, oldlenp, newp, net_livelocks));
+	case KERN_HIDEPROC:
+		return(sysctl_int(oldp, oldlenp, newp, newlen, &hideproc));
 	case KERN_POOL_DEBUG: {
 		int old_pool_debug = pool_debug;
@@ -1372,6 +1375,17 @@ again:
 	 * Skip embryonic processes.
 	 */
 	if (pr->ps_flags & PS_EMBRYO)
+		continue;
+
+	/*
+	 * Only show user owned processes if hideproc flag is set
+	 * or the last exec gave us setuid/setgid privs
+	 * (unless you're root).
+	 */
+
+	if ( hideproc > 0 && (pr != curproc->p_p &&
+	    (pr->ps_ucred->cr_ruid != curproc->p_ucred->cr_ruid ||
+	    (pr->ps_flags & PS_SUGID)) && suser(curproc, 0) != 0))
 		continue;
 	/*
Index: sys/sys/sysctl.h
===================================================================
RCS file: /cvs/src/sys/sys/sysctl.h,v
retrieving revision 1.154
diff -u -p -u -r1.154 sysctl.h
--- sys/sys/sysctl.h 13 Jan 2015 10:07:58 -0000 1.154
+++ sys/sys/sysctl.h 27 Jan 2015 13:33:11 -0000
@@ -184,7 +184,8 @@ struct ctlname {
 #define KERN_GLOBAL_PTRACE	81	/* allow ptrace globally */
 #define KERN_CONSBUFSIZE	82	/* int: console message buffer size */
 #define KERN_CONSBUF		83	/* console message buffer */
-#define KERN_MAXID		84	/* number of valid kern ids */
+#define KERN_HIDEPROC		84	/* int: system hide other procs */
+#define KERN_MAXID		85	/* number of valid kern ids */
 #define CTL_KERN_NAMES { \
 	{ 0, 0 }, \
@@ -269,6 +270,9 @@ struct ctlname {
 	{ "proc_nobroadcastkill", CTLTYPE_NODE }, \
 	{ "proc_vmmap", CTLTYPE_NODE }, \
 	{ "global_ptrace", CTLTYPE_INT }, \
+	{ "gap", 0 }, \
+	{ "gap", 0 }, \
+	{ "hideproc", CTLTYPE_INT }, \
 }
 /*
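Review bot: The new `KERN_HIDEPROC` case stores whatever integer the caller writes, so `hideproc` can end up as 2 or -5 even though the sysctl.3 text in this diff documents a 0/1 switch and the listing filter later tests `hideproc > 0`; reading the new value into a temporary and rejecting anything other than 0 or 1 keeps the knob to its documented contract. KNF also writes `return (x)` with a space, as the `KERN_NETLIVELOCKS` line just above does. The enclosing `kern_sysctl()` switch starts and ends outside this hunk.
```c
	case KERN_HIDEPROC: {
		int val = hideproc, error;

		/* sysctl_int() copies the old value out and, if newp is set, the new value in. */
		error = sysctl_int(oldp, oldlenp, newp, newlen, &val);
		if (error)
			return (error);
		if (val < 0 || val > 1)
			return (EINVAL);
		hideproc = val;
		return (0);
	}
```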
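Review bot: The condition on the new `if` also hides the caller's own processes whenever `PS_SUGID` is set, which neither the comment above it nor the sysctl.3 wording in this diff ("processes belonging to the user making the call") states; the comment should say so, e.g. `* With hideproc set, a non-root caller sees only its own processes, and not those that gained privileges through a setuid/setgid exec (PS_SUGID).` `suser(curproc, 0)` is re-evaluated for every process in the loop although its result cannot change between iterations; evaluating it once before the loop and testing the saved result keeps the per-entry check cheap (suser() appears to also touch accounting state on each successful call — worth confirming). The opening `if ( hideproc` carries a stray space after the parenthesis that KNF would drop. Only this listing path is gated here; whether the other per-process KERN_PROC nodes honour hideproc is outside the hunk, and the enclosing function starts and ends outside it as well.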
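Review bot: The two `{ "gap", 0 }` placeholders stand for ids 82 and 83, which the previous hunk in this file defines as `KERN_CONSBUFSIZE` and `KERN_CONSBUF`, but nothing in the table records that, so the next person appending an id has to count entries to confirm `hideproc` lands on 84. A trailing comment on each placeholder, `{ "gap", 0 },		/* KERN_CONSBUFSIZE */ \` and `{ "gap", 0 },		/* KERN_CONSBUF */ \`, records the mapping without changing the table. The `CTL_KERN_NAMES` macro opens in the previous hunk and closes in this one.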