diff --git a/share/man/man9/cr_canseeotheruids.9 b/share/man/man9/cr_canseeotheruids.9 index 80acc2d7a6ca..230c5ea59b78 100644 --- a/share/man/man9/cr_canseeotheruids.9 +++ b/share/man/man9/cr_canseeotheruids.9 @@ -1,80 +1,79 @@ .\" .\" Copyright (c) 2003 Joseph Koshy +.\" Copyright (c) 2023 Olivier Certner .\" .\" All rights reserved. .\" .\" This program is free software. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. .\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 11, 2003 +.Dd August 18, 2023 .Dt CR_CANSEEOTHERUIDS 9 .Os .Sh NAME .Nm cr_canseeotheruids -.Nd determine visibility of objects given their user credentials +.Nd determine if subjects may see entities with differing user ID .Sh SYNOPSIS .Ft int .Fn cr_canseeotheruids "struct ucred *u1" "struct ucred *u2" .Sh DESCRIPTION -This function determines the visibility of objects in the -kernel based on the real user IDs in the credentials +.Bf -emphasis +This function is internal. +Its functionality is integrated into the function +.Xr cr_bsd_visible 9 , +which should be called instead. +.Ef +.Pp +This function checks if a subject associated to credentials .Fa u1 -and +is denied seeing a subject or object associated to credentials .Fa u2 -associated with them. +by a policy that requires both credentials to have the same real user ID. .Pp -The visibility of objects is influenced by the +This policy is active if and only if the .Xr sysctl 8 variable -.Va security.bsd.see_other_uids . -If this variable is non-zero then all objects in the kernel -are visible to each other irrespective of their user IDs. -If this variable is zero then the object with credentials -.Fa u2 -is visible to the object with credentials -.Fa u1 -if either -.Fa u1 -is the super-user credential, or if -.Fa u1 -and -.Fa u2 -have the same real user ID. -.Sh SYSCTL VARIABLES -.Bl -tag -width indent -.It Va security.bsd.see_other_uids -Must be non-zero if objects with unprivileged credentials are to be -able to see each other. -.El +.Va security.bsd.see_other_uids +is set to zero. +.Pp +As usual, the superuser (effective user ID 0) is exempt from this policy +provided that the +.Xr sysctl 8 +variable +.Va security.bsd.suser_enabled +is non-zero and no active MAC policy explicitly denies the exemption +.Po +see +.Xr priv_check_cred 9 +.Pc . .Sh RETURN VALUES -This function returns zero if the object with credential +The +.Fn cr_canseeotheruids +function returns 0 if the policy is disabled, both credentials have the same +real user ID, or if .Fa u1 -can -.Dq see -the object with credential -.Fa u2 , -or -.Er ESRCH -otherwise. +has privilege exempting it from the policy. +Otherwise, it returns +.Er ESRCH . .Sh SEE ALSO -.Xr cr_canseeothergids 9 , -.Xr p_candebug 9 +.Xr cr_bsd_visible 9 , +.Xr priv_check_cred 9