.\"
.\" Copyright (c) 2003 Joseph Koshy <jkoshy@FreeBSD.org>
.\" Copyright (c) 2023 Olivier Certner <olce.freebsd@certner.fr>
.\"
.\" All rights reserved.
.\"
.\" This program is free software.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd August 18, 2023
.Dt CR_CANSEEOTHERUIDS 9
.Os
.Sh NAME
.Nm cr_canseeotheruids
.Nd determine if subjects may see entities with differing user ID
.Sh SYNOPSIS
.Ft int
.Fn cr_canseeotheruids "struct ucred *u1" "struct ucred *u2"
.Sh DESCRIPTION
.Bf -emphasis
This function is internal.
Its functionality is integrated into the function
.Xr cr_bsd_visible 9 ,
which should be called instead.
.Ef
.Pp
This function checks if a subject associated with credentials
.Fa u1
is denied seeing a subject or object associated with credentials
.Fa u2
by a policy that requires both credentials to have the same real user ID.
.Pp
This policy is active if and only if the
.Xr sysctl 8
variable
.Va security.bsd.see_other_uids
is set to zero.
.Pp
As usual, the superuser (effective user ID 0) is exempt from this policy
provided that the
.Xr sysctl 8
variable
.Va security.bsd.suser_enabled
is non-zero and no active MAC policy explicitly denies the exemption
.Po
see
.Xr priv_check_cred 9
.Pc .
.Sh RETURN VALUES
The
.Fn cr_canseeotheruids
function returns 0 if the policy is disabled, both credentials have the same
real user ID, or if
.Fa u1
has privilege exempting it from the policy.
Otherwise, it returns
.Er ESRCH .
.Sh SEE ALSO
.Xr cr_bsd_visible 9 ,
.Xr priv_check_cred 9
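.Sh EXAMPLES
The following userland model is an added example, not the kernel's own code: it follows the decision described above to show that the policy compares real user IDs while the exemption depends on the effective user ID.
The struct and function names (model_cred, model_state, model_canseeotheruids, model_check) are hypothetical, and the privilege check is reduced to the superuser conditions this page lists.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed stand-in for the struct ucred fields this policy looks at. */
struct model_cred {
	uid_t ruid;	/* real user ID: what the policy compares */
	uid_t euid;	/* effective user ID: what the superuser exemption tests */
};

/* Constructed stand-in for the system state the page names. */
struct model_state {
	int see_other_uids;	/* security.bsd.see_other_uids */
	int suser_enabled;	/* security.bsd.suser_enabled */
	bool mac_denies;	/* an active MAC policy denies the exemption */
};

/* Returns 0 if u1 may see u2 under this policy, ESRCH otherwise. */
int
model_canseeotheruids(const struct model_state *st,
    const struct model_cred *u1, const struct model_cred *u2)
{
	if (st->see_other_uids != 0)
		return (0);	/* policy disabled */
	if (u1->ruid == u2->ruid)
		return (0);	/* same real user ID */
	/* Superuser exemption only; the real priv_check_cred(9) does more. */
	if (u1->euid == 0 && st->suser_enabled != 0 && !st->mac_denies)
		return (0);
	return (ESRCH);
}

/* Flat-argument wrapper: (sysctls, MAC flag, u1 ruid/euid, u2 ruid/euid). */
int
model_check(int see, int suser, bool mac, uid_t r1, uid_t e1, uid_t r2, uid_t e2)
{
	struct model_state st = { see, suser, mac };
	struct model_cred u1 = { r1, e1 }, u2 = { r2, e2 };

	return (model_canseeotheruids(&st, &u1, &u2));
}

int
main(void)
{
	/* Constructed case: see_other_uids=0, uid 1001 looks at a uid 1002 process. */
	printf("%d\n", model_check(0, 1, false, 1001, 1001, 1002, 1002));
	return (0);
}
```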