cr_canseeotheruids(), cr_canseeothergids() and cr_canseejailproc() should not be
used directly now. cr_bsd_visible() has to be called instead.
Details
Details
Diff Detail
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Skipped - Unit
Tests Skipped - Build Status
Buildable 52164 Build 49055: arc lint + arc unit
Event Timeline
Comment Actions
These functions are exported, I think they should be kept as is to keep KPI compatibility.
Comment Actions
We can change KPI across major versions at least, can't we?
This change has several goals. The first is to prevent consumers from using any of these individual functions, which are called by cr_bsd_visibility() itself. This helps avoid bugs where some callers forget to check if a particular policy authorizes accesses, which is exactly what happened with see_jail_proc. A second goal is that, more conceptually, visibility policies can be seen as a block that should be applied at once. If, in the future, some policy is added, it will just have to in cr_bsd_visibility() (no need of sprinkling calls all around).