diff --git a/share/man/man9/cr_canseeotheruids.9 b/share/man/man9/cr_canseeotheruids.9 --- a/share/man/man9/cr_canseeotheruids.9 +++ b/share/man/man9/cr_canseeotheruids.9 @@ -1,5 +1,6 @@ .\" .\" Copyright (c) 2003 Joseph Koshy +.\" Copyright (c) 2023 Olivier Certner .\" .\" All rights reserved. .\" @@ -25,56 +26,54 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 11, 2003 +.Dd August 18, 2023 .Dt CR_CANSEEOTHERUIDS 9 .Os .Sh NAME .Nm cr_canseeotheruids -.Nd determine visibility of objects given their user credentials +.Nd determine if subjects may see entities with differing user ID .Sh SYNOPSIS .Ft int .Fn cr_canseeotheruids "struct ucred *u1" "struct ucred *u2" .Sh DESCRIPTION -This function determines the visibility of objects in the -kernel based on the real user IDs in the credentials +.Bf -emphasis +This function is internal. +Its functionality is integrated into the function +.Xr cr_bsd_visible 9 , +which should be called instead. +.Ef +.Pp +This function checks if a subject associated to credentials .Fa u1 -and +is denied seeing a subject or object associated to credentials .Fa u2 -associated with them. +by a policy that requires both credentials to have the same real user ID. .Pp -The visibility of objects is influenced by the +This policy is active if and only if the .Xr sysctl 8 variable -.Va security.bsd.see_other_uids . -If this variable is non-zero then all objects in the kernel -are visible to each other irrespective of their user IDs. -If this variable is zero then the object with credentials -.Fa u2 -is visible to the object with credentials -.Fa u1 -if either -.Fa u1 -is the super-user credential, or if -.Fa u1 -and -.Fa u2 -have the same real user ID. -.Sh SYSCTL VARIABLES -.Bl -tag -width indent -.It Va security.bsd.see_other_uids -Must be non-zero if objects with unprivileged credentials are to be -able to see each other. -.El +.Va security.bsd.see_other_uids +is set to zero. +.Pp +As usual, the superuser (effective user ID 0) is exempt from this policy +provided that the +.Xr sysctl 8 +variable +.Va security.bsd.suser_enabled +is non-zero and no active MAC policy explicitly denies the exemption +.Po +see +.Xr priv_check_cred 9 +.Pc . .Sh RETURN VALUES -This function returns zero if the object with credential +The +.Fn cr_canseeotheruids +function returns 0 if the policy is disabled, both credentials have the same +real user ID, or if .Fa u1 -can -.Dq see -the object with credential -.Fa u2 , -or -.Er ESRCH -otherwise. +has privilege exempting it from the policy. +Otherwise, it returns +.Er ESRCH . .Sh SEE ALSO -.Xr cr_canseeothergids 9 , -.Xr p_candebug 9 +.Xr cr_bsd_visible 9 , +.Xr priv_check_cred 9