<table class="head">
<tr>
<td class="head-ltitle">CR_CANSEEOTHERUIDS(9)</td>
<td class="head-vol">Kernel Developer's Manual</td>
<td class="head-rtitle">CR_CANSEEOTHERUIDS(9)</td>
</tr>
</table>
<div class="manual-text">
<section class="Sh">
<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
<p class="Pp"><code class="Nm">cr_canseeotheruids</code> —
<span class="Nd">determine if subjects may see entities with differing user
ID</span></p>
</section>
<section class="Sh">
<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
<p class="Pp"><var class="Ft">int</var>
<br/>
<code class="Fn">cr_canseeotheruids</code>(<var class="Fa" style="white-space: nowrap;">struct
ucred *u1</var>, <var class="Fa" style="white-space: nowrap;">struct ucred
*u2</var>);</p>
</section>
<section class="Sh">
<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
<div class="Bf Em">This function is internal. Its functionality is integrated
into the function <a class="Xr">cr_bsd_visible(9)</a>, which should be called
instead.</div>
<p class="Pp">This function checks whether a subject associated with credentials
<var class="Fa">u1</var> is denied seeing a subject or object associated with
credentials <var class="Fa">u2</var> by a policy that requires both
credentials to have the same real user ID.</p>
<p class="Pp">This policy is active if and only if the
<a class="Xr">sysctl(8)</a> variable
<var class="Va">security.bsd.see_other_uids</var> is set to zero.</p>
<p class="Pp">As usual, the superuser (effective user ID 0) is exempt from this
policy provided that the <a class="Xr">sysctl(8)</a> variable
<var class="Va">security.bsd.suser_enabled</var> is non-zero and no active
MAC policy explicitly denies the exemption (see
<a class="Xr">priv_check_cred(9)</a>).</p>
</section>
<section class="Sh">
<h1 class="Sh" id="RETURN_VALUES"><a class="permalink" href="#RETURN_VALUES">RETURN
VALUES</a></h1>
<p class="Pp">The <code class="Fn">cr_canseeotheruids</code>() function returns
0 if the policy is disabled, both credentials have the same real user ID, or
if <var class="Fa">u1</var> has privilege exempting it from the policy.
Otherwise, it returns <code class="Er">ESRCH</code>.</p>
</section>
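<p class="Pp">An added example, not FreeBSD kernel source: a userland C model of the decision laid out in DESCRIPTION and RETURN VALUES, showing that the comparison uses the real user ID while the exemption depends on the effective user ID. The names model_cred, model_policy, model_canseeotheruids and model_count_visible, and the mac_denies_priv flag, are hypothetical stand-ins; the real check consults priv_check_cred(9).</p>

```c
/* Userland model of the policy described on this page; not kernel code. */
#include <errno.h>
#include <stddef.h>

/* Hypothetical stand-in for the two struct ucred fields the policy reads. */
struct model_cred {
    unsigned ruid;  /* real user ID: what the policy compares */
    unsigned euid;  /* effective user ID: what the superuser exemption checks */
};

/* Hypothetical stand-in for the system state the page names. */
struct model_policy {
    int see_other_uids;   /* security.bsd.see_other_uids */
    int suser_enabled;    /* security.bsd.suser_enabled */
    int mac_denies_priv;  /* assumption: 1 if an active MAC policy refuses the exemption */
};

/* Returns 0 if u1 may see u2, ESRCH otherwise, following RETURN VALUES. */
int model_canseeotheruids(const struct model_policy *p,
    const struct model_cred *u1, const struct model_cred *u2)
{
    if (p->see_other_uids != 0)
        return 0;       /* policy disabled */
    if (u1->ruid == u2->ruid)
        return 0;       /* same real user ID */
    if (u1->euid == 0 && p->suser_enabled != 0 && !p->mac_denies_priv)
        return 0;       /* superuser exemption holds */
    return ESRCH;       /* hidden: the caller sees "no such process" */
}

/* Counts how many of n target credentials the viewer is allowed to see. */
size_t model_count_visible(const struct model_policy *p,
    const struct model_cred *viewer, const struct model_cred *targets, size_t n)
{
    size_t visible = 0;
    for (size_t i = 0; i < n; i++)
        if (model_canseeotheruids(p, viewer, &targets[i]) == 0)
            visible++;
    return visible;
}
```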
<section class="Sh">
<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE
ALSO</a></h1>
<p class="Pp"><a class="Xr">cr_bsd_visible(9)</a>,
<a class="Xr">priv_check_cred(9)</a></p>
</section>
</div>
<table class="foot">
<tr>
<td class="foot-date">August 18, 2023</td>
<td class="foot-os">FreeBSD 15.0</td>
</tr>
</table>