I would love to see a kernel with at least an option to hide the process tables from prying eyes. Unfortunately, Linux kernel code hacking would turn my head inside out, so I'll leave it to the folks who know what's going on.

Sorry, this isn't very Perl-ish, but to offer an answer to this, it may be as simple as this:

--- linux/fs/proc/base.c.orig Sat Jan 27 15:18:24 2001
+++ linux/fs/proc/base.c      Sat Jan 27 15:19:19 2001
@@ -497,3 +497,3 @@
   E(PROC_PID_STATUS,   "status",       S_IFREG|S_IRUGO),
-  E(PROC_PID_CMDLINE,  "cmdline",      S_IFREG|S_IRUGO),
+  E(PROC_PID_CMDLINE,  "cmdline",      S_IFREG|S_IRUSR),
   E(PROC_PID_STAT,     "stat",         S_IFREG|S_IRUGO),
[download]

Of course, I don't have a Linux system I'm willing to test this with, and I don't know if it will break any other /proc-based tools or 'ps' itself if it can't read the command line for processes the user doesn't owns. I'd be interested in seeing if that works though.

An interesting variation would be to use S_IFREG|S_IRUSR|S_IRGRP, which would give users in the same group the ability to see the command line as well, but nobody else.