kern/79705: mac_seeotheruids not blocking root

[Matthew Poole]

The following reply was made to PR kern/79705; it has been noted by GNATS.

From: Matthew Poole <matt at p00le.net>
To: matt at p00le.net, bug-followup at FreeBSD.org
Cc:  
Subject: Re: kern/79705: mac_seeotheruids not blocking root
Date: Sat, 14 May 2005 23:47:37 +1200

 --=-N50hT1Tf6vaf5hPTZ3cl
 Content-Type: text/plain
 Content-Transfer-Encoding: quoted-printable
 
 Further to this, I got the mac_seeotheruids.c file from 5.3-RELEASE and
 built it on a 5.4-RELEASE box, and it works fine.  The diff for the two
 files (the .bak is the 5.4 file) is below.
 
 diff mac_seeotheruids.c mac_seeotheruids.c.bak
 34c34
 <  * $FreeBSD: src/sys/security/mac_seeotheruids/mac_seeotheruids.c,v
 1.6 2004/02/22 00:33:12 rwatson Exp $
 ---
 >  * $FreeBSD: src/sys/security/mac_seeotheruids/mac_seeotheruids.c,v
 1.6.2.1 2005/01/22 19:18:15 rwatson Exp $
 117a118,120
 >               return (0);
 >
 >       if (suser_cred(u1, 0) =3D=3D 0)
 
 I'm not sure how those two lines interact with things, but they appear
 to be the cause of the problem.
 
 --=20
 Matthew Poole
 
 --=-N50hT1Tf6vaf5hPTZ3cl
 Content-Type: application/pgp-signature; name=signature.asc
 Content-Description: This is a digitally signed message part
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.1 (FreeBSD)
 
 iD8DBQBCheVZTdEtTmUCdpwRAtqmAJ9FqPyILxX0m+Ejefqe34pf4wlElwCfcwIx
 OZPfMBDeyyMmqTqqpkYtukQ=
 =s2C0
 -----END PGP SIGNATURE-----
 
 --=-N50hT1Tf6vaf5hPTZ3cl--