GitLab

The kenv(2) syscall currently allows anyone to inspect the kernel environment, regardless of privilege or jail. Since kenv can expose potentially sensitive information, we should limit its access to privileged, unjailed accounts.