git: 32a9108cdcc6 - stable/13 - cr_canseeotheruids(9): Revamp, mark as internal
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 21 Dec 2023 13:43:31 UTC
The branch stable/13 has been updated by olce:
URL: https://cgit.FreeBSD.org/src/commit/?id=32a9108cdcc671547d087cf6eecbcdb37064b8ab
commit 32a9108cdcc671547d087cf6eecbcdb37064b8ab
Author: Olivier Certner <olce.freebsd@certner.fr>
AuthorDate: 2023-08-17 23:54:42 +0000
Commit: Olivier Certner <olce@FreeBSD.org>
CommitDate: 2023-12-21 13:37:01 +0000
cr_canseeotheruids(9): Revamp, mark as internal
Significantly clarify. Replace references to cr_canseeothergids(9) by
ones to cr_bsd_visible(9).
Reviewed by: bcr, mhorne
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40635
(cherry picked from commit 4ddd253b38dff8725555355cc1b5238b1bbfd380)
Approved by: markj (mentor)
---
share/man/man9/cr_canseeotheruids.9 | 73 ++++++++++++++++++-------------------
1 file changed, 36 insertions(+), 37 deletions(-)
diff --git a/share/man/man9/cr_canseeotheruids.9 b/share/man/man9/cr_canseeotheruids.9
index 80acc2d7a6ca..230c5ea59b78 100644
--- a/share/man/man9/cr_canseeotheruids.9
+++ b/share/man/man9/cr_canseeotheruids.9
@@ -1,5 +1,6 @@
.\"
.\" Copyright (c) 2003 Joseph Koshy <jkoshy@FreeBSD.org>
+.\" Copyright (c) 2023 Olivier Certner <olce.freebsd@certner.fr>
.\"
.\" All rights reserved.
.\"
@@ -25,56 +26,54 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd November 11, 2003
+.Dd August 18, 2023
.Dt CR_CANSEEOTHERUIDS 9
.Os
.Sh NAME
.Nm cr_canseeotheruids
-.Nd determine visibility of objects given their user credentials
+.Nd determine if subjects may see entities with differing user ID
.Sh SYNOPSIS
.Ft int
.Fn cr_canseeotheruids "struct ucred *u1" "struct ucred *u2"
.Sh DESCRIPTION
-This function determines the visibility of objects in the
-kernel based on the real user IDs in the credentials
+.Bf -emphasis
+This function is internal.
+Its functionality is integrated into the function
+.Xr cr_bsd_visible 9 ,
+which should be called instead.
+.Ef
+.Pp
+This function checks if a subject associated to credentials
.Fa u1
-and
+is denied seeing a subject or object associated to credentials
.Fa u2
-associated with them.
+by a policy that requires both credentials to have the same real user ID.
.Pp
-The visibility of objects is influenced by the
+This policy is active if and only if the
.Xr sysctl 8
variable
-.Va security.bsd.see_other_uids .
-If this variable is non-zero then all objects in the kernel
-are visible to each other irrespective of their user IDs.
-If this variable is zero then the object with credentials
-.Fa u2
-is visible to the object with credentials
-.Fa u1
-if either
-.Fa u1
-is the super-user credential, or if
-.Fa u1
-and
-.Fa u2
-have the same real user ID.
-.Sh SYSCTL VARIABLES
-.Bl -tag -width indent
-.It Va security.bsd.see_other_uids
-Must be non-zero if objects with unprivileged credentials are to be
-able to see each other.
-.El
+.Va security.bsd.see_other_uids
+is set to zero.
+.Pp
+As usual, the superuser (effective user ID 0) is exempt from this policy
+provided that the
+.Xr sysctl 8
+variable
+.Va security.bsd.suser_enabled
+is non-zero and no active MAC policy explicitly denies the exemption
+.Po
+see
+.Xr priv_check_cred 9
+.Pc .
.Sh RETURN VALUES
-This function returns zero if the object with credential
+The
+.Fn cr_canseeotheruids
+function returns 0 if the policy is disabled, both credentials have the same
+real user ID, or if
.Fa u1
-can
-.Dq see
-the object with credential
-.Fa u2 ,
-or
-.Er ESRCH
-otherwise.
+has privilege exempting it from the policy.
+Otherwise, it returns
+.Er ESRCH .
.Sh SEE ALSO
-.Xr cr_canseeothergids 9 ,
-.Xr p_candebug 9
+.Xr cr_bsd_visible 9 ,
+.Xr priv_check_cred 9