Diffusion FreeBSD src repository de701f9bdbe0

GID instead of effective ones
de701f9bdbe0
Actions

Description

MAC/do: Apply a rule on real UID/GID instead of effective ones

We intend MAC/do to authorize transitions based on the "real" identity
information of the calling process, rather than transiently-acquired
effective IDs.

Reviewed by: bapt
Approved by: markj (mentor)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47845

Details

Provenance

olce	Authored on Nov 29 2024, 2:39 PM

Reviewer

bapt

Differential Revision

D47845: MAC/do: Apply a rule on real UID/GID instead of effective ones

Parents

rGc7fc71c6af07: MAC/do: Convert internal TAILQs to STAILQs

Branches

Unknown

Tags

Unknown

Event Timeline

olce committed rGde701f9bdbe0: MAC/do: Apply a rule on real UID/GID instead of effective ones (authored by olce).Mon, Dec 16, 2:42 PM

olce added an edge: D47845: MAC/do: Apply a rule on real UID/GID instead of effective ones.Mon, Dec 16, 2:47 PM

Changes (1)

Path

Size

sys/

security/

mac_do/

mac_do.c

rGde701f9bdbe0

View Options

sys/security/mac_do/mac_do.c