.\"
.\" Copyright (c) 2003 Joseph Koshy <jkoshy@FreeBSD.org>
.\" Copyright (c) 2023 Olivier Certner <olce.freebsd@certner.fr>
.\"
.\" All rights reserved.
.\"
.\" This program is free software.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd August 18, 2023
.Dt CR_CANSEEOTHERUIDS 9
.Os
.Sh NAME
.Nm cr_canseeotheruids
.Nd determine if subjects may see entities with differing user ID
.Sh SYNOPSIS
.Ft int
.Fn cr_canseeotheruids "struct ucred *u1" "struct ucred *u2"
.Sh DESCRIPTION
.Bf -emphasis
This function is internal.
Its functionality is integrated into the function
.Xr cr_bsd_visible 9 ,
which should be called instead.
.Ef
.Pp
This function checks if a subject associated to credentials
.Fa u1
is denied seeing a subject or object associated to credentials
.Fa u2
by a policy that requires both credentials to have the same real user ID.
.Pp
This policy is active if and only if the
.Xr sysctl 8
variable
.Va security.bsd.see_other_uids
is set to zero.
.Pp
As usual, the superuser (effective user ID 0) is exempt from this policy
provided that the
.Xr sysctl 8
variable
.Va security.bsd.suser_enabled
is non-zero and no active MAC policy explicitly denies the exemption
.Po
see
.Xr priv_check_cred 9
.Pc .
.Sh RETURN VALUES
The
.Fn cr_canseeotheruids
function returns 0 if the policy is disabled, both credentials have the same
real user ID, or if
.Fa u1
has privilege exempting it from the policy.
Otherwise, it returns
.Er ESRCH .
.Sh SEE ALSO
.Xr cr_bsd_visible 9 ,
.Xr priv_check_cred 9
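The decision described under DESCRIPTION and RETURN VALUES, as an added user-space C model; it is not the FreeBSD kernel's code. The struct and function names (model_cred, model_policy, model_canseeotheruids, model_check) and the sample UIDs are assumptions made for the illustration, and the MAC veto is reduced to a single flag.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical user-space stand-ins; not the kernel's struct ucred. */
struct model_cred {
	uid_t ruid;	/* real user ID: what the policy compares */
	uid_t euid;	/* effective user ID: decides the superuser exemption */
};

struct model_policy {
	int see_other_uids;	/* models security.bsd.see_other_uids */
	int suser_enabled;	/* models security.bsd.suser_enabled */
	bool mac_denies;	/* an active MAC policy denies the exemption */
};

/* Returns 0 when u1 may see u2, ESRCH when the policy hides u2. */
int
model_canseeotheruids(const struct model_policy *p,
    const struct model_cred *u1, const struct model_cred *u2)
{
	if (p->see_other_uids != 0)	/* policy is not active */
		return (0);
	if (u1->ruid == u2->ruid)	/* same real user ID */
		return (0);
	/* Superuser exemption: euid 0, suser_enabled set, no MAC veto. */
	if (u1->euid == 0 && p->suser_enabled != 0 && !p->mac_denies)
		return (0);
	return (ESRCH);
}

/* Convenience wrapper: builds the model structs from constructed values. */
int
model_check(int see, int suser, bool mac, uid_t r1, uid_t e1, uid_t r2)
{
	struct model_policy p = { see, suser, mac };
	struct model_cred u1 = { r1, e1 }, u2 = { r2, r2 };
	return (model_canseeotheruids(&p, &u1, &u2));
}

int
main(void)
{
	printf("uid 1001 -> 1002, policy on: %d\n", model_check(0, 1, false, 1001, 1001, 1002));
	printf("euid 0 -> 1002, policy on:   %d\n", model_check(0, 1, false, 0, 0, 1002));
	printf("euid 0, suser_enabled = 0:   %d\n", model_check(0, 0, false, 0, 0, 1002));
	return (0);
}
```

The comparison uses the real user ID while the exemption uses the effective user ID, so in this model a credential with real UID 0 but a non-zero effective UID is still hidden from other users' entities.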