git: e04b81f8b76c - stable/14 - cr_canseeotheruids(9): Revamp, mark as internal
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 17 Oct 2023 19:43:32 UTC
The branch stable/14 has been updated by mhorne: URL: https://cgit.FreeBSD.org/src/commit/?id=e04b81f8b76ceb31abec1c739b42e70433047d3d commit e04b81f8b76ceb31abec1c739b42e70433047d3d Author: Olivier Certner <olce.freebsd@certner.fr> AuthorDate: 2023-08-17 23:54:42 +0000 Commit: Mitchell Horne <mhorne@FreeBSD.org> CommitDate: 2023-10-17 19:42:58 +0000 cr_canseeotheruids(9): Revamp, mark as internal Significantly clarify. Replace references to cr_canseeothergids(9) by ones to cr_bsd_visible(9). Reviewed by: bcr, mhorne MFC after: 2 weeks Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40635 (cherry picked from commit 4ddd253b38dff8725555355cc1b5238b1bbfd380) --- share/man/man9/cr_canseeotheruids.9 | 73 ++++++++++++++++++------------------- 1 file changed, 36 insertions(+), 37 deletions(-) diff --git a/share/man/man9/cr_canseeotheruids.9 b/share/man/man9/cr_canseeotheruids.9 index 80acc2d7a6ca..230c5ea59b78 100644 --- a/share/man/man9/cr_canseeotheruids.9 +++ b/share/man/man9/cr_canseeotheruids.9 @@ -1,5 +1,6 @@ .\" .\" Copyright (c) 2003 Joseph Koshy <jkoshy@FreeBSD.org> +.\" Copyright (c) 2023 Olivier Certner <olce.freebsd@certner.fr> .\" .\" All rights reserved. .\" @@ -25,56 +26,54 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 11, 2003 +.Dd August 18, 2023 .Dt CR_CANSEEOTHERUIDS 9 .Os .Sh NAME .Nm cr_canseeotheruids -.Nd determine visibility of objects given their user credentials +.Nd determine if subjects may see entities with differing user ID .Sh SYNOPSIS .Ft int .Fn cr_canseeotheruids "struct ucred *u1" "struct ucred *u2" .Sh DESCRIPTION -This function determines the visibility of objects in the -kernel based on the real user IDs in the credentials +.Bf -emphasis +This function is internal. +Its functionality is integrated into the function +.Xr cr_bsd_visible 9 , +which should be called instead. +.Ef +.Pp +This function checks if a subject associated to credentials .Fa u1 -and +is denied seeing a subject or object associated to credentials .Fa u2 -associated with them. +by a policy that requires both credentials to have the same real user ID. .Pp -The visibility of objects is influenced by the +This policy is active if and only if the .Xr sysctl 8 variable -.Va security.bsd.see_other_uids . -If this variable is non-zero then all objects in the kernel -are visible to each other irrespective of their user IDs. -If this variable is zero then the object with credentials -.Fa u2 -is visible to the object with credentials -.Fa u1 -if either -.Fa u1 -is the super-user credential, or if -.Fa u1 -and -.Fa u2 -have the same real user ID. -.Sh SYSCTL VARIABLES -.Bl -tag -width indent -.It Va security.bsd.see_other_uids -Must be non-zero if objects with unprivileged credentials are to be -able to see each other. -.El +.Va security.bsd.see_other_uids +is set to zero. +.Pp +As usual, the superuser (effective user ID 0) is exempt from this policy +provided that the +.Xr sysctl 8 +variable +.Va security.bsd.suser_enabled +is non-zero and no active MAC policy explicitly denies the exemption +.Po +see +.Xr priv_check_cred 9 +.Pc . .Sh RETURN VALUES -This function returns zero if the object with credential +The +.Fn cr_canseeotheruids +function returns 0 if the policy is disabled, both credentials have the same +real user ID, or if .Fa u1 -can -.Dq see -the object with credential -.Fa u2 , -or -.Er ESRCH -otherwise. +has privilege exempting it from the policy. +Otherwise, it returns +.Er ESRCH . .Sh SEE ALSO -.Xr cr_canseeothergids 9 , -.Xr p_candebug 9 +.Xr cr_bsd_visible 9 , +.Xr priv_check_cred 9