Date: Wed, 3 Aug 2005 02:20:24 GMT
Message-Id: <200508030220.j732KOtP019542@freefall.freebsd.org>
To: freebsd-doc@FreeBSD.org
From: Tom Rhodes
Subject: Re: docs/84453: bsd_seeotheruids root user exempt from policy

The following reply was made to PR docs/84453; it has been noted by GNATS.

From: Tom Rhodes
To: g@vaned.net
Cc: freebsd-doc@FreeBSD.org, FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: docs/84453: bsd_seeotheruids root user exempt from policy
Date: Tue, 2 Aug 2005 22:11:58 -0400

On Wed, 3 Aug 2005 01:50:15 GMT
g@vaned.net wrote:

> The following reply was made to PR docs/84453; it has been noted by
> GNATS.
>
> From: g@vaned.net
> To: Ceri Davies
> Cc: freebsd-gnats-submit@freebsd.org
> Subject: Re: docs/84453: bsd_seeotheruids root user exempt from policy
> Date: Tue, 2 Aug 2005 20:45:02 -0500
>
> On Mon, Aug 01, 2005 at 11:11:37PM +0100, Ceri Davies wrote:
> > Could the submitter please post the output of "sysctl -a | grep
> > security.mac" on the affected system?
>
> sagan# sysctl -a | grep security.mac
> security.mac.max_slots: 4

[SNIP]

> security.mac.seeotheruids.enabled: 1
> sagan# whoami
> root

[SNIP]

There is not a problem with the user or user's configuration,
there is not a problem with the handbook text, the software
is incorrect here. The root user, or any user in the wheel
group, seems exempt from the security checks here.

Robert Watson and I have discussed this, but have not
implemented a fix. This PR can be assigned to either
myself or rwatson. Perhaps to me so I can oversee its
closing. Otherwise, just close it. Thanks!

--
Tom Rhodes