Date: Thu, 28 Sep 2023 15:10:56 GMT
Message-Id: <202309281510.38SFAusR048092@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mitchell Horne
Subject: git: 61b6e00bee1d - main - security(7): security.bsd.see*: Be more accurate
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: mhorne
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 61b6e00bee1d39e9c688e728fbf3a4efcdb61e66
Auto-Submitted: auto-generated

The branch main has been updated by mhorne:

URL: https://cgit.FreeBSD.org/src/commit/?id=61b6e00bee1d39e9c688e728fbf3a4efcdb61e66

commit 61b6e00bee1d39e9c688e728fbf3a4efcdb61e66
Author:     Olivier Certner
AuthorDate: 2023-08-17 23:54:48 +0000
Commit:     Mitchell Horne
CommitDate: 2023-09-28 15:05:47 +0000

    security(7): security.bsd.see*: Be more accurate

    Reviewed by:            mhorne, pauamma_gundo.com
    MFC after:              2 weeks
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D41108

--- share/man/man7/security.7 | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/share/man/man7/security.7 b/share/man/man7/security.7 index 63b984ff66dd..6d6742fca0bb 100644 --- a/share/man/man7/security.7 +++ b/share/man/man7/security.7 @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd March 30, 2023 +.Dd August 18, 2023 .Dt SECURITY 7 .Os .Sh NAME 
@@ -959,16 +959,18 @@ Backwards compatibility shims for the interim sysctls under will not be added. .Bl -tag -width security.bsd.unprivileged_proc_debug .It Dv security.bsd.see_other_uids -Controls visibility of processes owned by different uid. +Controls visibility and reachability of subjects (e.g., processes) and objects +(e.g., sockets) owned by a different uid. The knob directly affects the .Dv kern.proc sysctls filtering of data, which results in restricted output from utilities like .Xr ps 1 . .It Dv security.bsd.see_other_gids -Same, for processes owned by different gid. +Same, for subjects and objects owned by a different gid. .It Dv security.bsd.see_jail_proc -Same, for processes belonging to a jail. +Same, for subjects and objects belonging to a different jail, including +sub-jails. .It Dv security.bsd.conservative_signals When enabled, unprivileged users are only allowed to send job control and usual termination signals like
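
Review bot: In the security.bsd.see_other_uids entry of the second hunk, the rewritten first sentence widens the scope to objects such as sockets and introduces "reachability", but the unchanged sentence that follows still describes only the kern.proc sysctl filtering and ps(1), so the entry now promises more than it explains. Consider adding one sentence that says what "reachability" covers beyond visibility, and one example on the object side to match the ps(1) example for processes. The entry also does not say which setting restricts and which permits; the later security.bsd.conservative_signals entry begins "When enabled, ...", and the same form would help an administrator hardening a multi-user host here. The see_other_gids and see_jail_proc entries inherit all of this through "Same, for ...", and see_jail_proc now covers objects while its name still says "proc", which is worth a brief mention in the text.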