CR_BSD_VISIBLE(9) FreeBSD Kernel Developer's Manual CR_BSD_VISIBLE(9)

cr_bsd_visible - determine if subjects may see entities according to BSD security policies

#include <sys/proc.h>

int
cr_bsd_visible(struct ucred *u1, struct ucred *u2);

This function determines if a subject with credentials u1 is denied seeing an object or subject associated with credentials u2 by the following policies and associated sysctl(8) knobs:

security.bsd.seeotheruids
If set to 0, subjects cannot see other subjects or objects if they are not associated with the same real user ID. The corresponding internal function is cr_canseeotheruids(9).
security.bsd.seeothergids
If set to 0, subjects cannot see other subjects or objects if they are not both a member of at least one common group. The corresponding internal function is cr_canseeothergids(9).
security.bsd.see_jail_proc
If set to 0, subjects cannot see other subjects or objects that are not associated with the same jail as they are. The corresponding internal function is cr_canseejailproc(9).

As usual, the superuser (effective user ID 0) is exempt from any of these policies provided that the sysctl(8) variable security.bsd.suser_enabled is non-zero and no active MAC policy explicitly denies the exemption (see priv_check_cred(9)).

This function is intended to be used as a helper to implement cr_cansee(9) and similar functions.

This function returns zero if a subject with credentials u1 may see a subject or object with credentials u2 under the active policies listed above, or ESRCH otherwise.

[ESRCH]
Credentials u1 and u2 do not have the same real user ID.
[ESRCH]
Credentials u1 and u2 are not members of any common group (as determined by realgroupmember(9)).
[ESRCH]
Credentials u1 and u2 are not in the same jail.
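
The decision described above, as an added userland model in C; it is not FreeBSD kernel code and does not come from the manual page's author. The types struct model_cred and struct model_knobs, the integer jail identifier and the flat group list are assumptions made for illustration, and the superuser exemption does not model MAC policies.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical userland stand-ins; not the kernel's struct ucred. */
struct model_cred {
	unsigned ruid, euid;     /* real and effective user IDs */
	int jail;                /* jail identifier, 0 = host */
	const unsigned *groups;  /* groups the credential belongs to */
	size_t ngroups;
};
struct model_knobs {         /* security.bsd.* values named on this page */
	int seeotheruids, seeothergids, see_jail_proc, suser_enabled;
};

static int share_group(const struct model_cred *a, const struct model_cred *b)
{
	for (size_t i = 0; i < a->ngroups; i++)
		for (size_t j = 0; j < b->ngroups; j++)
			if (a->groups[i] == b->groups[j])
				return 1;
	return 0;
}

/* Returns 0 if u1 may see u2 under the active policies, ESRCH otherwise. */
int model_bsd_visible(const struct model_cred *u1, const struct model_cred *u2,
    const struct model_knobs *k)
{
	/* Superuser exemption as described above; MAC policies are not modelled. */
	if (u1->euid == 0 && k->suser_enabled != 0)
		return 0;
	if (k->seeotheruids == 0 && u1->ruid != u2->ruid)
		return ESRCH;
	if (k->seeothergids == 0 && !share_group(u1, u2))
		return ESRCH;
	if (k->see_jail_proc == 0 && u1->jail != u2->jail)
		return ESRCH;
	return 0;
}

/* Constructed sample credentials, not taken from any real system. */
static const unsigned g_a[] = { 1001, 20 }, g_b[] = { 1002, 20 }, g_r[] = { 0 };
static const struct model_cred alice = { 1001, 1001, 0, g_a, 2 },
    bob = { 1002, 1002, 0, g_b, 2 }, jailed = { 1001, 1001, 3, g_a, 2 },
    root = { 0, 0, 0, g_r, 1 };
int main(void)
{
	struct model_knobs k = { 0, 1, 0, 1 }; /* hide other UIDs and other jails */
	printf("%d %d %d\n", model_bsd_visible(&alice, &bob, &k),
	    model_bsd_visible(&alice, &jailed, &k), model_bsd_visible(&root, &bob, &k));
	return 0;
}
```

With security.bsd.suser_enabled set to 0 in the model, the root credential is checked like any other subject.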

cr_cansee(9), cr_canseejailproc(9), cr_canseeothergids(9), cr_canseeotheruids(9), priv_check_cred(9)

This function and its manual page were written by Olivier Certner <olce.freebsd@certner.fr>.

August 18, 2023 FreeBSD 14.3-RELEASE
