Date: Wed, 3 Aug 2005 02:20:24 GMT
From: Tom Rhodes <trhodes@FreeBSD.org>
To: freebsd-doc@FreeBSD.org
Subject: Re: docs/84453: bsd_seeotheruids root user exempt from policy
Message-ID: <200508030220.j732KOtP019542@freefall.freebsd.org>

The following reply was made to PR docs/84453; it has been noted by GNATS.

From: Tom Rhodes <trhodes@FreeBSD.org>
To: g@vaned.net
Cc: freebsd-doc@FreeBSD.org, FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: docs/84453: bsd_seeotheruids root user exempt from policy
Date: Tue, 2 Aug 2005 22:11:58 -0400

On Wed, 3 Aug 2005 01:50:15 GMT
g@vaned.net wrote:

> The following reply was made to PR docs/84453; it has been noted by
> GNATS.
>
> From: g@vaned.net
> To: Ceri Davies <ceri@submonkey.net>
> Cc: freebsd-gnats-submit@freebsd.org
> Subject: Re: docs/84453: bsd_seeotheruids root user exempt from policy
> Date: Tue, 2 Aug 2005 20:45:02 -0500
>
> On Mon, Aug 01, 2005 at 11:11:37PM +0100, Ceri Davies wrote:
> > Could the submitter please post the output of "sysctl -a | grep
> > security.mac" on the affected system?
>
> sagan# sysctl -a | grep security.mac
> security.mac.max_slots: 4

[SNIP]

> security.mac.seeotheruids.enabled: 1
> sagan# whoami
> root

[SNIP]

There is not a problem with the user or user's configuration,
there is not a problem with the handbook text, the software is
incorrect here. The root user, or any user in the wheel group
seems exempt from the security checks here.

Robert Watson and I have discussed this, but have not implemented
a fix. This PR can be assigned to either myself or rwatson.
Perhaps to me so I can oversee its closing. Otherwise, just
close it. Thanks!

--
Tom Rhodes