.\"
.\" Copyright (c) 2003 Joseph Koshy <jkoshy@FreeBSD.org>
.\" Copyright (c) 2023 Olivier Certner <olce.freebsd@certner.fr>
.\"
.\" All rights reserved.
.\"
.\" This program is free software.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd August 18, 2023
.Dt CR_CANSEEOTHERUIDS 9
.Os
.Sh NAME
.Nm cr_canseeotheruids
.Nd determine if subjects may see entities with differing user ID
.Sh SYNOPSIS
.Ft int
.Fn cr_canseeotheruids "struct ucred *u1" "struct ucred *u2"
.Sh DESCRIPTION
.Bf -emphasis
This function is internal.
Its functionality is integrated into the function
.Xr cr_bsd_visible 9 ,
which should be called instead.
.Ef
.Pp
This function checks if a subject associated with credentials
.Fa u1
is denied seeing a subject or object associated with credentials
.Fa u2
by a policy that requires both credentials to have the same real user ID.
.Pp
This policy is active if and only if the
.Xr sysctl 8
variable
.Va security.bsd.see_other_uids
is set to zero.
.Pp
As usual, the superuser (effective user ID 0) is exempt from this policy
provided that the
.Xr sysctl 8
variable
.Va security.bsd.suser_enabled
is non-zero and no active MAC policy explicitly denies the exemption
.Po
see
.Xr priv_check_cred 9
.Pc .
.Sh RETURN VALUES
The
.Fn cr_canseeotheruids
function returns 0 if the policy is disabled, both credentials have the same
real user ID, or if
.Fa u1
has privilege exempting it from the policy.
Otherwise, it returns
.Er ESRCH .
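An added example (not FreeBSD kernel source and not part of the original manual page): a user-space C model of the decision described in DESCRIPTION and RETURN VALUES, showing that the comparison uses the real user ID while the exemption depends on the effective user ID. The model_* structures and the mac_denies flag are hypothetical stand-ins for struct ucred, the two sysctl variables and the outcome of the MAC check.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the two struct ucred fields the policy reads. */
struct model_cred {
	unsigned int ruid;	/* real user ID: compared by the policy */
	unsigned int euid;	/* effective user ID: decides the exemption */
};

/* Hypothetical snapshot of the knobs named on this page. */
struct model_knobs {
	int see_other_uids;	/* security.bsd.see_other_uids */
	int suser_enabled;	/* security.bsd.suser_enabled */
	bool mac_denies;	/* an active MAC policy denies the exemption */
};

/* Returns 0 when u1 may see u2 under this policy, ESRCH otherwise. */
static int
model_canseeotheruids(const struct model_knobs *k,
    const struct model_cred *u1, const struct model_cred *u2)
{
	if (k->see_other_uids != 0)
		return (0);		/* policy disabled */
	if (u1->ruid == u2->ruid)
		return (0);		/* same real user ID */
	if (u1->euid == 0 && k->suser_enabled != 0 && !k->mac_denies)
		return (0);		/* superuser exemption applies */
	return (ESRCH);
}

int
main(void)
{
	/* Constructed sample credentials; policy active, exemption allowed. */
	struct model_knobs k = { 0, 1, false };
	struct model_cred alice = { 1001, 1001 }, bob = { 1002, 1002 };
	struct model_cred setuid_root = { 1001, 0 };	/* real alice, euid 0 */
	struct model_cred dropped = { 0, 1001 };	/* real root, euid alice */

	printf("alice -> bob: %d\n", model_canseeotheruids(&k, &alice, &bob));
	printf("setuid_root -> bob: %d\n",
	    model_canseeotheruids(&k, &setuid_root, &bob));
	printf("dropped -> alice: %d\n",
	    model_canseeotheruids(&k, &dropped, &alice));
	return (0);
}
```
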
.Sh SEE ALSO
.Xr cr_bsd_visible 9 ,
.Xr priv_check_cred 9