diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1474,11 +1474,7 @@ if ((error = mac_cred_check_visible(u1, u2))) return (error); #endif - if ((error = cr_canseeotheruids(u1, u2))) - return (error); - if ((error = cr_canseeothergids(u1, u2))) - return (error); - if ((error = cr_canseejailproc(u1, u2))) + if ((error = cr_bsd_visible(u1, u2))) return (error); return (0); } @@ -1539,9 +1535,7 @@ if ((error = mac_proc_check_signal(cred, proc, signum))) return (error); #endif - if ((error = cr_canseeotheruids(cred, proc->p_ucred))) - return (error); - if ((error = cr_canseeothergids(cred, proc->p_ucred))) + if ((error = cr_bsd_visible(cred, proc->p_ucred))) return (error); /* @@ -1656,10 +1650,9 @@ if ((error = mac_proc_check_sched(td->td_ucred, p))) return (error); #endif - if ((error = cr_canseeotheruids(td->td_ucred, p->p_ucred))) - return (error); - if ((error = cr_canseeothergids(td->td_ucred, p->p_ucred))) + if ((error = cr_bsd_visible(td->td_ucred, p->p_ucred))) return (error); + if (td->td_ucred->cr_ruid != p->p_ucred->cr_ruid && td->td_ucred->cr_uid != p->p_ucred->cr_ruid) { error = priv_check(td, PRIV_SCHED_DIFFCRED); @@ -1726,9 +1719,7 @@ if ((error = mac_proc_check_debug(td->td_ucred, p))) return (error); #endif - if ((error = cr_canseeotheruids(td->td_ucred, p->p_ucred))) - return (error); - if ((error = cr_canseeothergids(td->td_ucred, p->p_ucred))) + if ((error = cr_bsd_visible(td->td_ucred, p->p_ucred))) return (error); /* @@ -1818,9 +1809,7 @@ if (error) return (error); #endif - if (cr_canseeotheruids(cred, so->so_cred)) - return (ENOENT); - if (cr_canseeothergids(cred, so->so_cred)) + if (cr_bsd_visible(cred, so->so_cred)) return (ENOENT); return (0); @@ -1850,7 +1839,7 @@ #endif #if 0 /* XXXMAC: This could have odd effects on some shells. */ - if ((error = cr_canseeotheruids(td->td_ucred, p->p_ucred))) + if ((error = cr_bsd_visible(td->td_ucred, p->p_ucred))) return (error); #endif diff --git a/sys/netinet/in_prot.c b/sys/netinet/in_prot.c --- a/sys/netinet/in_prot.c +++ b/sys/netinet/in_prot.c @@ -69,9 +69,7 @@ if (error) return (error); #endif - if (cr_canseeotheruids(cred, inp->inp_cred)) - return (ENOENT); - if (cr_canseeothergids(cred, inp->inp_cred)) + if (cr_bsd_visible(cred, inp->inp_cred)) return (ENOENT); return (0);