HomeFreeBSD
Diffusion FreeBSD src repository 7974ca1cdbee

cr_canseejailproc(): New privilege, no direct check for UID 0
7974ca1cdbee
Actions

Description

cr_canseejailproc(): New privilege, no direct check for UID 0

Use priv_check_cred() with a new privilege (PRIV_SEEJAILPROC) instead of
explicitly testing for UID 0 (the former has been the rule for almost 20
years).

As a consequence, cr_canseejailproc() now abides by the
'security.bsd.suser_enabled' sysctl and MAC policies.

Update the MAC policies Biba and LOMAC, and prison_priv_check() so that
they don't deny this privilege. This preserves the existing behavior
(the 'root' user is not restricted, even when jailed, unless
'security.bsd.suser_enabled' is not 0) and is consistent with what is
done for the related policies/privileges (PRIV_SEEOTHERGIDS,
PRIV_SEEOTHERUIDS).

Reviewed by: emaste (earlier version), mhorne
MFC after: 2 weeks
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40626

Details

Provenance
olceAuthored on Aug 17 2023, 11:54 PM
mhorneCommitted on Sep 28 2023, 2:42 PM
Reviewer
emaste
Differential Revision
D40626: cr_canseejailproc(): New privilege, no direct check for UID 0
Parents
rG62d3f57c22ee: capsicum: add tests for copy_file_range
Branches
Unknown
Tags
Unknown

Changes (5)

PathSize
sys/
kern/
security/
mac_biba/
mac_lomac/
sys/

rG7974ca1cdbee

View Options

sys/kern/kern_jail.c

Loading...
View Options

sys/kern/kern_prot.c

Loading...
View Options

sys/security/mac_biba/mac_biba.c

Loading...
View Options

sys/security/mac_lomac/mac_lomac.c

Loading...
View Options

sys/sys/priv.h

Loading...