security(7): security.bsd.see*: Be more accurate

Reviewed by: mhorne, pauamma_gundo.com Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D41108 (cherry picked from commit 61b6e00bee) Approved by: markj (mentor)
2024-10-03 15:15:01 +00:00 · 2023-08-18 01:54:48 +02:00 · 2023-08-18 01:54:48 +02:00 · 56f758066c
parent 0297e7213c
commit 56f758066c
1 changed files with 6 additions and 4 deletions
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd January 14, 2022
+.Dd August 18, 2023
 .Dt SECURITY 7
 .Os
 .Sh NAME
@ -956,16 +956,18 @@ Backwards compatibility shims for the interim sysctls under
 will not be added.
 .Bl -tag -width security.bsd.unprivileged_proc_debug
 .It Dv security.bsd.see_other_uids
-Controls visibility of processes owned by different uid.
+Controls visibility and reachability of subjects (e.g., processes) and objects
+(e.g., sockets) owned by a different uid.
 The knob directly affects the
 .Dv kern.proc
 sysctls filtering of data, which results in restricted output from
 utilities like
 .Xr ps 1 .
 .It Dv security.bsd.see_other_gids
-Same, for processes owned by different gid.
+Same, for subjects and objects owned by a different gid.
 .It Dv security.bsd.see_jail_proc
-Same, for processes belonging to a jail.
+Same, for subjects and objects belonging to a different jail, including
+sub-jails.
 .It Dv security.bsd.conservative_signals
 When enabled, unprivileged users are only allowed to send job control
 and usual termination signals like