Date: Wed, 18 Oct 2023 18:03:59 GMT
Message-Id: <202310181803.39II3xGd045108@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Mitchell Horne
Subject: git: 22e1db5995e6 - releng/14.0 - security(7): security.bsd.see*: Be more accurate
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: mhorne
X-Git-Repository: src
X-Git-Refname: refs/heads/releng/14.0
X-Git-Reftype: branch
X-Git-Commit: 22e1db5995e605f8b99eba6779ae153e49557b5d
Auto-Submitted: auto-generated

The branch releng/14.0 has been updated by mhorne:

URL: https://cgit.FreeBSD.org/src/commit/?id=22e1db5995e605f8b99eba6779ae153e49557b5d

commit 22e1db5995e605f8b99eba6779ae153e49557b5d
Author:     Olivier Certner
AuthorDate: 2023-08-17 23:54:48 +0000
Commit:     Mitchell Horne
CommitDate: 2023-10-18 18:02:07 +0000

    security(7): security.bsd.see*: Be more accurate

    Approved by:            re (gjb)
    Reviewed by:            mhorne, pauamma_gundo.com
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D41108

    (cherry picked from commit 61b6e00bee1d39e9c688e728fbf3a4efcdb61e66)
    (cherry picked from commit 74f2fb1778e815bfd982ca8a09f5b31dd93ccd0f)
--- share/man/man7/security.7 | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/share/man/man7/security.7 b/share/man/man7/security.7 index ebe5e66e22af..a48e3607f0e5 100644 --- a/share/man/man7/security.7 +++ b/share/man/man7/security.7
@@ -959,16 +959,18 @@ Backwards compatibility shims for the interim sysctls under will not be added. .Bl -tag -width security.bsd.unprivileged_proc_debug .It Dv security.bsd.see_other_uids -Controls visibility of processes owned by different uid. +Controls visibility and reachability of subjects (e.g., processes) and objects +(e.g., sockets) owned by a different uid. The knob directly affects the .Dv kern.proc sysctls filtering of data, which results in restricted output from utilities like .Xr ps 1 . .It Dv security.bsd.see_other_gids -Same, for processes owned by different gid. +Same, for subjects and objects owned by a different gid. .It Dv security.bsd.see_jail_proc -Same, for processes belonging to a jail. +Same, for subjects and objects belonging to a different jail, including +sub-jails. .It Dv security.bsd.conservative_signals When enabled, unprivileged users are only allowed to send job control and usual termination signals like
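Review bot: In the security.bsd.see_other_uids entry, the new text widens the scope to objects such as sockets and adds "reachability", but the unchanged sentence that follows ("The knob directly affects the kern.proc sysctls filtering of data ...") still illustrates only the process side through ps(1), so a reader cannot tell what observable effect the knob has on sockets or how reachability differs from visibility. Suggest adding one sentence after the ps(1) example describing the object side, and defining "reachability" at first use, since the see_other_gids and see_jail_proc entries inherit both terms through "Same, for ...". The see_jail_proc entry now covers objects as well, so a short remark that the "proc" in the knob name is historical would avoid a misreading. The diffstat (5 insertions, 3 deletions) is fully accounted for by this hunk, so .Dd is not updated with the content change; worth confirming that is intended for this branch.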