Date: Wed, 3 Aug 2005 01:50:15 GMT
Message-Id: <200508030150.j731oFJk014152@freefall.freebsd.org>
To: freebsd-doc@FreeBSD.org
From: g@vaned.net
Subject: Re: docs/84453: bsd_seeotheruids root user exempt from policy

The following reply was made to PR docs/84453; it has been noted by GNATS.

From: g@vaned.net
To: Ceri Davies
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: docs/84453: bsd_seeotheruids root user exempt from policy
Date: Tue, 2 Aug 2005 20:45:02 -0500

On Mon, Aug 01, 2005 at 11:11:37PM +0100, Ceri Davies wrote:
> Could the submitter please post the output of "sysctl -a | grep
> security.mac" on the affected system?
sagan# sysctl -a | grep security.mac
security.mac.max_slots: 4
security.mac.enforce_network: 1
security.mac.enforce_pipe: 1
security.mac.enforce_posix_sem: 1
security.mac.enforce_process: 1
security.mac.enforce_vm: 1
security.mac.mmap_revocation: 1
security.mac.mmap_revocation_via_cow: 0
security.mac.enforce_suid: 1
security.mac.enforce_socket: 1
security.mac.enforce_kld: 1
security.mac.enforce_system: 1
security.mac.enforce_sysv_msg: 1
security.mac.enforce_sysv_sem: 1
security.mac.enforce_sysv_shm: 1
security.mac.enforce_fs: 1
security.mac.seeotheruids.specificgid: 0
security.mac.seeotheruids.specificgid_enabled: 0
security.mac.seeotheruids.primarygroup_enabled: 0
security.mac.seeotheruids.enabled: 1
sagan# whoami
root
sagan# ps aux | grep -v root
USER    PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
smmsp 23960  0.0  0.3  3296  2692  ??  Is    8:31PM   0:00.00 sendmail: Queue
_dhcp 41957  0.0  0.1  1384  1068  ??  Is    8:32PM   0:00.00 dhclient: bge0 (
user0 52449  0.0  0.3  6076  3116  ??  S     8:40PM   0:00.01 sshd: user0@tty
user0 33386  0.0  0.2  2532  2040  v0  I     8:31PM   0:00.06 -zsh (zsh)
user0 52459  0.0  0.2  2512  2256  p0  Is    8:40PM   0:00.02 -zsh (zsh)