docs/84453: bsd_seeotheruids root user exempt from policy

Wed Aug 3 01:50:16 UTC 2005

The following reply was made to PR docs/84453; it has been noted by GNATS.

From: g at vaned.net
To: Ceri Davies <ceri at submonkey.net>
Cc: freebsd-gnats-submit at freebsd.org
Subject: Re: docs/84453: bsd_seeotheruids root user exempt from policy
Date: Tue, 2 Aug 2005 20:45:02 -0500

 On Mon, Aug 01, 2005 at 11:11:37PM +0100, Ceri Davies wrote:
 > Could the submitter please post the output of "sysctl -a | grep  
 > security.mac" on the affected system?

 sagan# sysctl -a | grep security.mac
 security.mac.max_slots: 4
 security.mac.enforce_network: 1
 security.mac.enforce_pipe: 1
 security.mac.enforce_posix_sem: 1
 security.mac.enforce_process: 1
 security.mac.enforce_vm: 1
 security.mac.mmap_revocation: 1
 security.mac.mmap_revocation_via_cow: 0
 security.mac.enforce_suid: 1
 security.mac.enforce_socket: 1
 security.mac.enforce_kld: 1
 security.mac.enforce_system: 1
 security.mac.enforce_sysv_msg: 1
 security.mac.enforce_sysv_sem: 1
 security.mac.enforce_sysv_shm: 1
 security.mac.enforce_fs: 1
 security.mac.seeotheruids.specificgid: 0
 security.mac.seeotheruids.specificgid_enabled: 0
 security.mac.seeotheruids.primarygroup_enabled: 0
 security.mac.seeotheruids.enabled: 1
 sagan# whoami
 root
 sagan# ps aux | grep -v root
 USER     PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
 smmsp  23960  0.0  0.3  3296  2692  ??  Is    8:31PM   0:00.00 sendmail: Queue 
 _dhcp  41957  0.0  0.1  1384  1068  ??  Is    8:32PM   0:00.00 dhclient: bge0 (
 user0  52449  0.0  0.3  6076  3116  ??  S     8:40PM   0:00.01 sshd: user0 at tty
 user0  33386  0.0  0.2  2532  2040  v0  I     8:31PM   0:00.06 -zsh (zsh)
 user0  52459  0.0  0.2  2512  2256  p0  Is    8:40PM   0:00.02 -zsh (zsh)