Date: Thu, 3 Dec 2009 14:14:54 +0300 From: pluknet <pluknet@gmail.com> To: Marc Silver <marcs@draenor.org> Cc: freebsd-security@freebsd.org Subject: Re: bsd.security.see_other_uids affecting netstat? Message-ID: <a31046fc0912030314j585a2942y5a5cbe427b900ca9@mail.gmail.com> In-Reply-To: <d8db8de30912030153h613b69f2l526d02da92c3d2cd@mail.gmail.com> References: <d8db8de30912030153h613b69f2l526d02da92c3d2cd@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
2009/12/3 Marc Silver <marcs@draenor.org>: > Hi guys, > > Please forgive if this is a bit of a noob question > > I noticed that when the bsd.security.see_other_uids sysctl is set to 0, the > netstat command gives no output for users (non-root). No, it gives no access to sockets (switched to per-inpcb since 7) not owned by that user. See mac_seeotheruids(4): DESCRIPTION The mac_seeotheruids policy module, when enabled, denies users to see processes or sockets owned by other users. -- wbr, pluknet
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a31046fc0912030314j585a2942y5a5cbe427b900ca9>