diff --git a/share/man/man9/cr_bsd_visibility.9 b/share/man/man9/cr_bsd_visibility.9 new file mode 100644 --- /dev/null +++ b/share/man/man9/cr_bsd_visibility.9 @@ -0,0 +1,118 @@ +.\" +.\" SPDX-License-Identifier: BSD-2-Clause +.\" +.\" Copyright (c) 2023 Olivier Certner +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd June 16, 2023 +.Dt CR_BSD_VISIBILITY 9 +.Os +.Sh NAME +.Nm cr_bsd_visibility +.Nd may subjects see entities according to BSD security policies? +.Sh SYNOPSIS +.In sys/proc.h +.Ft int +.Fn cr_bsd_visibility "struct ucred *u1" "struct ucred *u2" +.Sh DESCRIPTION +This function determines if a subject with credentials +.Fa u1 +is not denied seeing an object or subject associated to credentials +.Fa u2 +by the following policies and associated +.Xr sysctl 8 +knobs: +.Bl -tag -width indent +.It Va security.bsd.seeotheruids +If set to 0, subjects cannot see other subjects or objects if they are not +associated with the same real user ID. +The corresponding internal function is +.Xr cr_seeotheruids 9 . +.It Va security.bsd.seeothergids +If set to 0, subjects cannot see other subjects or objects if they are not both +a member of at least one common group. +The corresponding internal function is +.Xr cr_seeothergids 9 . +.It Va security.bsd.see_jail_proc +If set to 0, subjects cannot see other subjects or objects that are not +associated with the same jail as they are. +The corresponding internal function +is +.Xr cr_seejailproc 9 . +.El +.Pp +As usual, the superuser (effective user ID 0) is exempt from any of these +policies provided that the +.Xr sysctl 8 +variable +.Va security.bsd.suser_enabled +is non-zero and no active MAC policy explicitly denies the exemption +.Po +see +.Xr priv_check_cred 9 +.Pc . +.Pp +This function is intended to be used as a helper to implement +.Xr cr_cansee 9 +and similar functions. +.Sh RETURN VALUES +This function returns zero if a subject with credentials +.Fa u1 +is not denied seeing a subject or object with credentials +.Fa u2 +by the active above-mentioned policies, or +.Er ESRCH +otherwise. +.Sh ERRORS +.Bl -tag -width Er +.It Bq Er ESRCH +Credentials +.Fa u1 +and +.Fa u2 +do not have the same real user ID. +.It Bq Er ESRCH +Credentials +.Fa u1 +and +.Fa u2 +are not member of any common group +.Po +as determined by +.Xr groupmember 9 +.Pc . +.It Bq Er ESRCH +Credentials +.Fa u1 +and +.Fa u2 +are not in the same jail. +.El +.Sh SEE ALSO +.Xr cr_seeotheruids 9 , +.Xr cr_seeothergids 9 , +.Xr cr_seejailproc 9 , +.Xr priv_check_cred 9 , +.Xr cr_cansee 9 +.Sh AUTHORS +This function and its manual page were written by +.An Olivier Certner Aq Mt olce.freebsd@certner.fr .