docs/84453: bsd_seeotheruids root user exempt from policy
Tom Rhodes
trhodes at FreeBSD.org
Wed Aug 3 02:13:12 UTC 2005
On Wed, 3 Aug 2005 01:50:15 GMT
g at vaned.net wrote:
> The following reply was made to PR docs/84453; it has been noted by
> GNATS.
>
> From: g at vaned.net
> To: Ceri Davies <ceri at submonkey.net>
> Cc: freebsd-gnats-submit at freebsd.org
> Subject: Re: docs/84453: bsd_seeotheruids root user exempt from policy
> Date: Tue, 2 Aug 2005 20:45:02 -0500
>
> On Mon, Aug 01, 2005 at 11:11:37PM +0100, Ceri Davies wrote:
> > Could the submitter please post the output of "sysctl -a | grep
> > security.mac" on the affected system?
>
> sagan# sysctl -a | grep security.mac
> security.mac.max_slots: 4
[SNIP]
> security.mac.seeotheruids.enabled: 1
> sagan# whoami
> root
[SNIP]
There is not a problem with the user or user's configuration,
there is not a problem with the handbook text,
the software is incorrect here.
The root user, or any user in the wheel group seems exempt
from the security checks here. Robert Watson and I have
discussed this, but have not implemented a fix.
This PR can be assigned to either myself or rwatson. Perhaps
to me so I can oversee it's closing. Otherwise, just close
it. Thanks!
--
Tom Rhodes
More information about the freebsd-doc
mailing list