Date: Thu, 3 Dec 2009 14:14:54 +0300 From: pluknet <pluknet@gmail.com> To: Marc Silver <marcs@draenor.org> Cc: freebsd-security@freebsd.org Subject: Re: bsd.security.see_other_uids affecting netstat? Message-ID: <a31046fc0912030314j585a2942y5a5cbe427b900ca9@mail.gmail.com> In-Reply-To: <d8db8de30912030153h613b69f2l526d02da92c3d2cd@mail.gmail.com> References: <d8db8de30912030153h613b69f2l526d02da92c3d2cd@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
2009/12/3 Marc Silver <marcs@draenor.org>:
> Hi guys,
>
> Please forgive if this is a bit of a noob question
>
> I noticed that when the bsd.security.see_other_uids sysctl is set to 0, the
> netstat command gives no output for users (non-root).
No, it gives no access to sockets (switched to per-inpcb since 7) not
owned by that user.
See mac_seeotheruids(4):
DESCRIPTION
The mac_seeotheruids policy module, when enabled, denies users to see
processes or sockets owned by other users.
--
wbr,
pluknet
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?a31046fc0912030314j585a2942y5a5cbe427b900ca9>