Diffusion FreeBSD src repository 8f72bcd9fd5d

GID instead of effective ones
8f72bcd9fd5d
Actions

Description

MAC/do: Apply a rule on real UID/GID instead of effective ones

We intend MAC/do to authorize transitions based on the "real" identity
information of the calling process, rather than transiently-acquired
effective IDs.

Reviewed by: bapt
Approved by: markj (mentor)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47845

(cherry picked from commit de701f9bdbe0ede691a0439d1c469082b94fe234)

Details

Provenance

olce	Authored on Nov 29 2024, 2:39 PM

Reviewer

bapt

Differential Revision

D47845: MAC/do: Apply a rule on real UID/GID instead of effective ones

Parents

rG53e73ec9f6c4: MAC/do: Convert internal TAILQs to STAILQs

Branches

Unknown

Tags

Unknown

Event Timeline

olce committed rG8f72bcd9fd5d: MAC/do: Apply a rule on real UID/GID instead of effective ones (authored by olce).Apr 3 2025, 7:31 PM

olce added an edge: D47845: MAC/do: Apply a rule on real UID/GID instead of effective ones.Apr 3 2025, 7:35 PM

Changes (1)

Path

Size

sys/

security/

mac_do/

mac_do.c

rG8f72bcd9fd5d

View Options

sys/security/mac_do/mac_do.c