d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow the root user to be aware of other credentials by virtue

Browse Source 
of privilege.

Submitted by:	rwatson
This commit is contained in:
Tom Rhodes 2005-09-30 23:41:10 +00:00
parent 7d830ac9c2
commit 24b3d59965
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
sys/security/mac_seeotheruids/mac_seeotheruids.c
View File

@ -83,6 +83,14 @@ SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, primarygroup_enabled,
CTLFLAG_RW, &primarygroup_enabled, 0, "Make an exception for credentials "
"with the same real primary group id");
/*
* Exception: allow the root user to be aware of other credentials by virtue
* of privilege.
*/
static int suser_privileged = 1;
SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, suser_privileged,
CTLFLAG_RW, &suser_privileged, 0, "Make an exception for superuser");
/*
* Exception: allow processes with a specific gid to be exempt from the
* policy. One sysctl enables this functionality; the other sets the
@ -117,8 +125,10 @@ mac_seeotheruids_check(struct ucred *u1, struct ucred *u2)
if (u1->cr_ruid == u2->cr_ruid)
return (0);
if (suser_cred(u1, 0) == 0)
return (0);
if (suser_privileged) {
if (suser_cred(u1, 0) == 0)
return (0);
}
return (ESRCH);
}