FreeBSD manual

CR_CANSEEOTHERUIDS(9) FreeBSD Kernel Developer's Manual CR_CANSEEOTHERUIDS(9)

NAME
cr_canseeotheruids - determine if subjects may see entities with differing user ID

SYNOPSIS
int cr_canseeotheruids(struct ucred *u1, struct ucred *u2);

DESCRIPTION
This function is internal. Its functionality is integrated into the function cr_bsd_visible(9), which should be called instead.

This function checks if a subject associated to credentials u1 is denied seeing a subject or object associated to credentials u2 by a policy that requires both credentials to have the same real user ID.

This policy is active if and only if the sysctl(8) variable security.bsd.see_other_uids is set to zero.

As usual, the superuser (effective user ID 0) is exempt from this policy provided that the sysctl(8) variable security.bsd.suser_enabled is non-zero and no active MAC policy explicitly denies the exemption (see priv_check_cred(9)).

RETURN VALUES
The cr_canseeotheruids() function returns 0 if the policy is disabled, both credentials have the same real user ID, or if u1 has privilege exempting it from the policy. Otherwise, it returns ESRCH.
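
The decision order described in DESCRIPTION and RETURN VALUES, as an added user-space model (not FreeBSD kernel source and not part of the original manual page). The types, the model_canseeotheruids() function and the sample UIDs are assumptions made for illustration; the point to note is that the comparison uses real user IDs while the exemption uses the effective user ID.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* User-space model; hypothetical types, not the kernel's struct ucred. */
struct model_cred { uid_t ruid, euid; };
struct model_policy {
    int see_other_uids;       /* models security.bsd.see_other_uids */
    int suser_enabled;        /* models security.bsd.suser_enabled */
    int mac_denies_exemption; /* non-zero: a MAC policy denies the exemption */
};

/* Constructed sample values. */
static const struct model_policy STRICT = { 0, 1, 0 }, NO_SUSER = { 0, 0, 0 },
    OPEN = { 1, 1, 0 };
static const struct model_cred ALICE = { 1001, 1001 }, BOB = { 1002, 1002 },
    SETUID_ROOT = { 1001, 0 },  /* real UID 1001, effective UID 0 */
    DROPPED = { 0, 1001 };      /* real UID 0, effective UID 1001 */

/* Returns 0 if u1 may see u2 under the modelled policy, ESRCH otherwise. */
int
model_canseeotheruids(const struct model_policy *p,
    const struct model_cred *u1, const struct model_cred *u2)
{
    if (p->see_other_uids != 0)
        return (0);            /* policy disabled */
    if (u1->ruid == u2->ruid)
        return (0);            /* real UIDs match; effective UIDs ignored */
    /* The superuser exemption keys on the subject's effective UID. */
    if (u1->euid == 0 && p->suser_enabled != 0 && !p->mac_denies_exemption)
        return (0);
    return (ESRCH);            /* ESRCH is "No such process" */
}

int
main(void)
{
    printf("strict,   alice -> bob:       %d\n", model_canseeotheruids(&STRICT, &ALICE, &BOB));
    printf("strict,   euid 0 -> bob:      %d\n", model_canseeotheruids(&STRICT, &SETUID_ROOT, &BOB));
    printf("strict,   ruid 0 only -> bob: %d\n", model_canseeotheruids(&STRICT, &DROPPED, &BOB));
    printf("no suser, euid 0 -> bob:      %d\n", model_canseeotheruids(&NO_SUSER, &SETUID_ROOT, &BOB));
    printf("open,     alice -> bob:       %d\n", model_canseeotheruids(&OPEN, &ALICE, &BOB));
    return (0);
}
```
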

SEE ALSO
cr_bsd_visible(9), priv_check_cred(9)

FreeBSD 14.0-RELEASE-p11 August 18, 2023 FreeBSD 14.0-RELEASE-p11