|
1 | 1 | .\"
|
2 | 2 | .\" Copyright (c) 2003 Joseph Koshy <[email protected]>
|
| 3 | +.\" Copyright (c) 2023 Olivier Certner <[email protected]> |
3 | 4 | .\"
|
4 | 5 | .\" All rights reserved.
|
5 | 6 | .\"
|
|
25 | 26 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
26 | 27 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
27 | 28 | .\"
|
28 |
| -.Dd November 11, 2003 |
| 29 | +.Dd August 18, 2023 |
29 | 30 | .Dt CR_CANSEEOTHERUIDS 9
|
30 | 31 | .Os
|
31 | 32 | .Sh NAME
|
32 | 33 | .Nm cr_canseeotheruids
|
33 |
| -.Nd determine visibility of objects given their user credentials |
| 34 | +.Nd determine if subjects may see entities with differing user ID |
34 | 35 | .Sh SYNOPSIS
|
35 | 36 | .Ft int
|
36 | 37 | .Fn cr_canseeotheruids "struct ucred *u1" "struct ucred *u2"
|
37 | 38 | .Sh DESCRIPTION
|
38 |
| -This function determines the visibility of objects in the |
39 |
| -kernel based on the real user IDs in the credentials |
| 39 | +.Bf -emphasis |
| 40 | +This function is internal. |
| 41 | +Its functionality is integrated into the function |
| 42 | +.Xr cr_bsd_visible 9 , |
| 43 | +which should be called instead. |
| 44 | +.Ef |
| 45 | +.Pp |
| 46 | +This function checks if a subject associated to credentials |
40 | 47 | .Fa u1
|
41 |
| -and |
| 48 | +is denied seeing a subject or object associated to credentials |
42 | 49 | .Fa u2
|
43 |
| -associated with them. |
| 50 | +by a policy that requires both credentials to have the same real user ID. |
44 | 51 | .Pp
|
45 |
| -The visibility of objects is influenced by the |
| 52 | +This policy is active if and only if the |
46 | 53 | .Xr sysctl 8
|
47 | 54 | variable
|
48 |
| -.Va security.bsd.see_other_uids . |
49 |
| -If this variable is non-zero then all objects in the kernel |
50 |
| -are visible to each other irrespective of their user IDs. |
51 |
| -If this variable is zero then the object with credentials |
52 |
| -.Fa u2 |
53 |
| -is visible to the object with credentials |
54 |
| -.Fa u1 |
55 |
| -if either |
56 |
| -.Fa u1 |
57 |
| -is the super-user credential, or if |
58 |
| -.Fa u1 |
59 |
| -and |
60 |
| -.Fa u2 |
61 |
| -have the same real user ID. |
62 |
| -.Sh SYSCTL VARIABLES |
63 |
| -.Bl -tag -width indent |
64 |
| -.It Va security.bsd.see_other_uids |
65 |
| -Must be non-zero if objects with unprivileged credentials are to be |
66 |
| -able to see each other. |
67 |
| -.El |
| 55 | +.Va security.bsd.see_other_uids |
| 56 | +is set to zero. |
| 57 | +.Pp |
| 58 | +As usual, the superuser (effective user ID 0) is exempt from this policy |
| 59 | +provided that the |
| 60 | +.Xr sysctl 8 |
| 61 | +variable |
| 62 | +.Va security.bsd.suser_enabled |
| 63 | +is non-zero and no active MAC policy explicitly denies the exemption |
| 64 | +.Po |
| 65 | +see |
| 66 | +.Xr priv_check_cred 9 |
| 67 | +.Pc . |
68 | 68 | .Sh RETURN VALUES
|
69 |
| -This function returns zero if the object with credential |
| 69 | +The |
| 70 | +.Fn cr_canseeotheruids |
| 71 | +function returns 0 if the policy is disabled, both credentials have the same |
| 72 | +real user ID, or if |
70 | 73 | .Fa u1
|
71 |
| -can |
72 |
| -.Dq see |
73 |
| -the object with credential |
74 |
| -.Fa u2 , |
75 |
| -or |
76 |
| -.Er ESRCH |
77 |
| -otherwise. |
| 74 | +has privilege exempting it from the policy. |
| 75 | +Otherwise, it returns |
| 76 | +.Er ESRCH . |
78 | 77 | .Sh SEE ALSO
|
79 |
| -.Xr cr_canseeothergids 9 , |
80 |
| -.Xr p_candebug 9 |
| 78 | +.Xr cr_bsd_visible 9 , |
| 79 | +.Xr priv_check_cred 9 |
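Review bot: In the new DESCRIPTION text, "a subject associated to credentials" and "a subject or object associated to credentials" should read "associated with credentials"; the construction appears twice, so fix both occurrences. The new RETURN VALUES sentence also reads more cleanly as a parallel list, "returns 0 if the policy is disabled, if both credentials have the same real user ID, or if .Fa u1 has privilege exempting it from the policy", which then lines up one-to-one with the three cases DESCRIPTION gives (sysctl non-zero, same real user ID, superuser exemption subject to security.bsd.suser_enabled and MAC). Dropping the SYSCTL VARIABLES section is consistent with folding security.bsd.see_other_uids into DESCRIPTION, but since the rewrite now also depends on security.bsd.suser_enabled, consider keeping a short .Bl -tag list of both variables so a reader scanning for tunables finds them without reading the full prose.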