Re: docs/84453: bsd_seeotheruids root user exempt from policy
The following reply was made to PR docs/84453; it has been noted by GNATS.
From: Tom Rhodes <trhodes@FreeBSD.org>
To: g@vaned.net
Cc: freebsd-doc@FreeBSD.org, FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: docs/84453: bsd_seeotheruids root user exempt from policy
Date: Tue, 2 Aug 2005 22:11:58 -0400
On Wed, 3 Aug 2005 01:50:15 GMT
g@vaned.net wrote:
> The following reply was made to PR docs/84453; it has been noted by
> GNATS.
>
> From: g@vaned.net
> To: Ceri Davies <ceri@submonkey.net>
> Cc: freebsd-gnats-submit@freebsd.org
> Subject: Re: docs/84453: bsd_seeotheruids root user exempt from policy
> Date: Tue, 2 Aug 2005 20:45:02 -0500
>
> On Mon, Aug 01, 2005 at 11:11:37PM +0100, Ceri Davies wrote:
> > Could the submitter please post the output of "sysctl -a | grep
> > security.mac" on the affected system?
>
> sagan# sysctl -a | grep security.mac
> security.mac.max_slots: 4
[SNIP]
> security.mac.seeotheruids.enabled: 1
> sagan# whoami
> root
[SNIP]
There is not a problem with the user or user's configuration,
there is not a problem with the handbook text,
the software is incorrect here.
The root user, or any user in the wheel group seems exempt
from the security checks here. Robert Watson and I have
discussed this, but have not implemented a fix.
This PR can be assigned to either myself or rwatson. Perhaps
to me so I can oversee it's closing. Otherwise, just close
it. Thanks!
--
Tom Rhodes
_______________________________________________
freebsd-doc@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-doc
To unsubscribe, send any mail to "freebsd-doc-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 6 之 7 篇):