From owner-freebsd-bugs@FreeBSD.ORG  Mon Aug  1 22:11:43 2005
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@FreeBSD.org
Delivered-To: freebsd-bugs@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9121416A516;
	Mon,  1 Aug 2005 22:11:43 +0000 (GMT)
	(envelope-from ceri@submonkey.net)
Received: from shrike.submonkey.net (cpc4-cdif2-3-1-cust199.cdif.cable.ntl.com
	[82.31.76.199])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 088D043D49;
	Mon,  1 Aug 2005 22:11:42 +0000 (GMT)
	(envelope-from ceri@submonkey.net)
Received: from hymir.private.submonkey.net ([192.168.10.15])
	by shrike.submonkey.net with esmtps (TLSv1:RC4-SHA:128)
	(Exim 4.52 (FreeBSD))
	id 1DziVW-0002Om-FR; Mon, 01 Aug 2005 23:11:41 +0100
In-Reply-To: <200508012127.j71LRp3K000897@freefall.freebsd.org>
References: <200508012127.j71LRp3K000897@freefall.freebsd.org>
Mime-Version: 1.0 (Apple Message framework v733)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <6AD0E165-C5F6-4516-B987-05F4D74F5E7F@submonkey.net>
Content-Transfer-Encoding: 7bit
From: Ceri Davies <ceri@submonkey.net>
Date: Mon, 1 Aug 2005 23:11:37 +0100
To: Mark Linimon <linimon@FreeBSD.org>,
 glaive@vaned.net
X-Mailer: Apple Mail (2.733)
Cc: freebsd-bugs@FreeBSD.org, freebsd-gnats-submit@freebsd.org
Subject: Re: docs/84453: bsd_seeotheruids root user exempt from policy
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Aug 2005 22:11:44 -0000


On 1 Aug 2005, at 21:27, Mark Linimon wrote:

> Synopsis: bsd_seeotheruids root user exempt from policy
>
> Responsible-Changed-From-To: freebsd-bugs->freebsd-doc
> Responsible-Changed-By: linimon
> Responsible-Changed-When: Mon Aug 1 21:27:15 GMT 2005
> Responsible-Changed-Why:
> This sounds like a problem with the Handbook.

More information is required.  Simply loading the kernel module is  
not enough; the sysctl security.mac.seeotheruids.enabled must be set  
to 1 for the policy to be active.

Could the submitter please post the output of "sysctl -a | grep  
security.mac" on the affected system?

Ceri
-- 
Only two things are infinite, the universe and human stupidity, and I'm
not sure about the former.                        -- Einstein (attrib.)