Date:      Tue, 2 Aug 2005 22:11:58 -0400
From:      Tom Rhodes <trhodes@FreeBSD.org>
To:        g@vaned.net
Cc:        freebsd-doc@FreeBSD.org, FreeBSD-gnats-submit@FreeBSD.org
Subject:   Re: docs/84453: bsd_seeotheruids root user exempt from policy
Message-ID:  <20050802221158.6fb8b57a@localhost>
In-Reply-To: <200508030150.j731oFJk014152@freefall.freebsd.org>
References:  <200508030150.j731oFJk014152@freefall.freebsd.org>

On Wed, 3 Aug 2005 01:50:15 GMT
g@vaned.net wrote:

> The following reply was made to PR docs/84453; it has been noted by
> GNATS.
> 
> From: g@vaned.net
> To: Ceri Davies <ceri@submonkey.net>
> Cc: freebsd-gnats-submit@freebsd.org
> Subject: Re: docs/84453: bsd_seeotheruids root user exempt from policy
> Date: Tue, 2 Aug 2005 20:45:02 -0500
> 
>  On Mon, Aug 01, 2005 at 11:11:37PM +0100, Ceri Davies wrote:
>  > Could the submitter please post the output of "sysctl -a | grep  
>  > security.mac" on the affected system?
>  
>  sagan# sysctl -a | grep security.mac
>  security.mac.max_slots: 4

[SNIP]

>  security.mac.seeotheruids.enabled: 1
>  sagan# whoami
>  root

[SNIP]

There is not a problem with the user or user's configuration,
there is not a problem with the handbook text,
the software is incorrect here.

The root user, or any user in the wheel group, seems exempt
from the security checks here.  Robert Watson and I have
discussed this, but have not implemented a fix.

This PR can be assigned to either myself or rwatson.  Perhaps
to me so I can oversee its closing.  Otherwise, just close
it.  Thanks!

-- 
Tom Rhodes


