diff --git a/share/man/man9/cr_seeotheruids.9 b/share/man/man9/cr_seeotheruids.9 --- a/share/man/man9/cr_seeotheruids.9 +++ b/share/man/man9/cr_seeotheruids.9 @@ -1,5 +1,6 @@ .\" .\" Copyright (c) 2003 Joseph Koshy +.\" Copyright (c) 2023 Olivier Certner .\" .\" All rights reserved. .\" @@ -27,56 +28,49 @@ .\" .\" $FreeBSD$ .\" -.Dd November 11, 2003 +.Dd June 16, 2023 .Dt CR_SEEOTHERUIDS 9 .Os .Sh NAME .Nm cr_seeotheruids -.Nd determine visibility of objects given their user credentials +.Nd whether subjects may see objects with differing user ID .Sh SYNOPSIS .Ft int .Fn cr_seeotheruids "struct ucred *u1" "struct ucred *u2" .Sh DESCRIPTION -This function determines the visibility of objects in the -kernel based on the real user IDs in the credentials -.Fa u1 -and -.Fa u2 -associated with them. +.Bf -emphasis +This function is internal. Its functionality is integrated into function +.Xr cr_bsd_visibility 9 , +which should be called instead. +.Ef .Pp -The visibility of objects is influenced by the +This function checks if a subject associated to credentials +.Fa u1 +is not denied seeing a subject or object associated to credentials +.Fa u2 +by a policy that requires both credentials to have the same real user ID. +.Pp +This policy is active if and only if the .Xr sysctl 8 variable -.Va security.bsd.see_other_uids . -If this variable is non-zero then all objects in the kernel -are visible to each other irrespective of their user IDs. -If this variable is zero then the object with credentials -.Fa u2 -is visible to the object with credentials -.Fa u1 -if either -.Fa u1 -is the super-user credential, or if -.Fa u1 -and -.Fa u2 -have the same real user ID. -.Sh SYSCTL VARIABLES -.Bl -tag -width indent -.It Va security.bsd.see_other_uids -Must be non-zero if objects with unprivileged credentials are to be -able to see each other. -.El +.Va security.bsd.see_other_uids +is non-zero. +.Pp +As usual, the superuser (effective user ID 0) is exempt from this policy +provided that the +.Xr sysctl 8 +variable +.Va security.bsd.suser_enabled +is non-zero and no active MAC policy explicitly denies the exemption +.Po +see +.Xr priv_check_cred 9 +.Pc . .Sh RETURN VALUES -This function returns zero if the object with credential -.Fa u1 -can -.Dq see -the object with credential -.Fa u2 , -or +0 if the policy is disabled, the subject exempt from it or if both credentials +have the same real user ID, .Er ESRCH otherwise. .Sh SEE ALSO -.Xr cr_seeothergids 9 , -.Xr p_candebug 9 +.Xr cr_bsd_visibility 9 , +.Xr priv_check_cred 9