Allow the root user to be aware of other credentials by virtue

of privilege.

Submitted by:	rwatson
Tom Rhodes 2005-09-30 23:41:10 +00:00
parent 7d830ac9c2
commit 24b3d59965
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=150764


@ -83,6 +83,14 @@ SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, primarygroup_enabled,
CTLFLAG_RW, &primarygroup_enabled, 0, "Make an exception for credentials "
"with the same real primary group id");
/*
* Exception: allow the root user to be aware of other credentials by virtue
* of privilege.
*/
static int suser_privileged = 1;
SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, suser_privileged,
CTLFLAG_RW, &suser_privileged, 0, "Make an exception for superuser");
/*
* Exception: allow processes with a specific gid to be exempt from the
* policy. One sysctl enables this functionality; the other sets the
@ -117,8 +125,10 @@ mac_seeotheruids_check(struct ucred *u1, struct ucred *u2)
if (u1->cr_ruid == u2->cr_ruid)
return (0);
if (suser_cred(u1, 0) == 0)
return (0);
if (suser_privileged) {
if (suser_cred(u1, 0) == 0)
return (0);
}
return (ESRCH);
}
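Review bot: The comment above `suser_privileged` documents only the default (exception on) and does not say what setting the knob to 0 means or whom it can actually restrict. Because the sysctl is declared `CTLFLAG_RW`, a superuser that is permitted to write it can presumably switch the exception back on, so turning it off is a real restriction only for root contexts that cannot write this sysctl. I would add to the comment something like `* If set to 0, superuser credentials are subject to the policy like any other; this does not constrain a root that can still write this sysctl.` As a smaller style point, the nested test in `mac_seeotheruids_check` (whose body starts outside the hunk) reads more directly as `if (suser_privileged && suser_cred(u1, 0) == 0)` followed by `return (0);`.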