Date:      Tue, 17 Oct 2023 19:43:43 GMT
From:      Mitchell Horne <mhorne@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 4a8585251944 - stable/14 - security(7): security.bsd.see*: Be more accurate
Message-ID:  <202310171943.39HJhhRM013619@gitrepo.freebsd.org>

The branch stable/14 has been updated by mhorne:

URL: https://cgit.FreeBSD.org/src/commit/?id=4a8585251944e1d8f0242ee7937204e4fbcd3e8f

commit 4a8585251944e1d8f0242ee7937204e4fbcd3e8f
Author:     Olivier Certner <olce.freebsd@certner.fr>
AuthorDate: 2023-08-17 23:54:48 +0000
Commit:     Mitchell Horne <mhorne@FreeBSD.org>
CommitDate: 2023-10-17 19:42:59 +0000

    security(7): security.bsd.see*: Be more accurate
    
    Reviewed by:            mhorne, pauamma_gundo.com
    MFC after:              2 weeks
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D41108
    
    (cherry picked from commit 61b6e00bee1d39e9c688e728fbf3a4efcdb61e66)
---
 share/man/man7/security.7 | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/share/man/man7/security.7 b/share/man/man7/security.7
index ebe5e66e22af..a48e3607f0e5 100644
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@@ -959,16 +959,18 @@ Backwards compatibility shims for the interim sysctls under
 will not be added.
 .Bl -tag -width security.bsd.unprivileged_proc_debug
 .It Dv security.bsd.see_other_uids
-Controls visibility of processes owned by different uid.
+Controls visibility and reachability of subjects (e.g., processes) and objects
+(e.g., sockets) owned by a different uid.
 The knob directly affects the
 .Dv kern.proc
 sysctls filtering of data, which results in restricted output from
 utilities like
 .Xr ps 1 .
 .It Dv security.bsd.see_other_gids
-Same, for processes owned by different gid.
+Same, for subjects and objects owned by a different gid.
 .It Dv security.bsd.see_jail_proc
-Same, for processes belonging to a jail.
+Same, for subjects and objects belonging to a different jail, including
+sub-jails.
 .It Dv security.bsd.conservative_signals
 When enabled, unprivileged users are only allowed to send job control
 and usual termination signals like
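
Review bot: In the security.bsd.see_other_uids entry, the unchanged sentence that follows the new text ("The knob directly affects the kern.proc sysctls filtering of data ... utilities like ps 1") still describes only the process-listing case, so the newly documented "reachability" and "objects (e.g., sockets)" have no concrete effect spelled out for an administrator deciding whether to set the knob. Consider adding one sentence saying what reachability covers and which interfaces or utilities are restricted for sockets, so that the see_other_gids and see_jail_proc entries, which now inherit the wider meaning through "Same, for subjects and objects ...", are also clear. The diffstat shows all 5 insertions and 3 deletions fall inside this hunk, so the page's .Dd date is not updated; bump it along with this content change.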


