diff options
Diffstat (limited to 'share/man/man9/cr_seeothergids.9')
| -rw-r--r-- | share/man/man9/cr_seeothergids.9 | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/share/man/man9/cr_seeothergids.9 b/share/man/man9/cr_seeothergids.9 new file mode 100644 index 000000000000..1f5f4ee05dba --- /dev/null +++ b/share/man/man9/cr_seeothergids.9 @@ -0,0 +1,82 @@ +.\" +.\" Copyright (c) 2003 Joseph Koshy <jkoshy@freebsd.org> +.\" +.\" All rights reserved. +.\" +.\" This program is free software. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd November 11, 2003 +.Os +.Dt CR_SEEOTHERGIDS 9 +.Sh NAME +.Nm cr_seeothergids +.Nd determine visibility of objects given their group memberships +.Sh SYNOPSIS +.Ft int +.Fn cr_seeothergids "struct ucred *u1" "struct ucred *u2" +.Sh DESCRIPTION +This function determines the visibility of objects in the +kernel based on the group IDs in the credentials +.Fa u1 +and +.Fa u2 +associated with them. +.Pp +The visibility of objects is influenced by the +.Xr sysctl 8 +variable +.Va security.bsd.see_other_gids . +If this variable is non-zero then all objects in the kernel +are visible to each other irrespective of their group membership. +If this variable is zero then the object with credentials +.Fa u2 +is visible to the object with credentials +.Fa u1 +if either +.Fa u1 +is the super-user credential, or if at least one of +.Fa u1 Ns 's +group IDs is present in +.Fa u2 Ns 's +group set. +.Sh SYSCTL VARIABLES +.Bl -tag -width indent +.It Va security.bsd.see_other_gids +Must be non-zero if objects with unprivileged credentials are to be +able to see each other. +.El +.Sh RETURN VALUES +This function returns zero if the object with credential +.Fa u1 +can +.Dq see +the object with credential +.Fa u2 , +or +.Er ESRCH +otherwise. +.Sh SEE ALSO +.Xr cr_seeotheruids 9 , +.Xr p_candebug 9 |