FreeBSD kernel kern code
Data Structures | Macros | Functions | Variables
kern_prot.c File Reference
#include <sys/cdefs.h>
#include "opt_compat.h"
#include "opt_inet.h"
#include "opt_inet6.h"
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/acct.h>
#include <sys/kdb.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/loginclass.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
#include <sys/refcount.h>
#include <sys/sx.h>
#include <sys/priv.h>
#include <sys/proc.h>
#include <sys/sysproto.h>
#include <sys/jail.h>
#include <sys/pioctl.h>
#include <sys/racct.h>
#include <sys/resourcevar.h>
#include <sys/socket.h>
#include <sys/socketvar.h>
#include <sys/syscallsubr.h>
#include <sys/sysctl.h>
#include <security/audit/audit.h>
#include <security/mac/mac_framework.h>
Include dependency graph for kern_prot.c:

Go to the source code of this file.

Data Structures

struct  getpid_args
 
struct  getppid_args
 
struct  getpgrp_args
 
struct  getpgid_args
 
struct  getsid_args
 
struct  getuid_args
 
struct  geteuid_args
 
struct  getgid_args
 
struct  getegid_args
 
struct  getgroups_args
 
struct  setsid_args
 
struct  setpgid_args
 
struct  setuid_args
 
struct  seteuid_args
 
struct  setgid_args
 
struct  setegid_args
 
struct  setgroups_args
 
struct  setreuid_args
 
struct  setregid_args
 
struct  setresuid_args
 
struct  setresgid_args
 
struct  getresuid_args
 
struct  getresgid_args
 
struct  issetugid_args
 
struct  getlogin_args
 
struct  setlogin_args
 

Macros

#define POSIX_APPENDIX_B_4_2_2
 

Functions

 __FBSDID ("$BSDSUniX$")
 
static MALLOC_DEFINE (M_CRED,"cred","credentials")
 
 SYSCTL_NODE (_security, OID_AUTO, bsd, CTLFLAG_RW, 0,"BSD security policy")
 
static void crsetgroups_locked (struct ucred *cr, int ngrp, gid_t *groups)
 
int sys_getpid (struct thread *td, struct getpid_args *uap)
 
int sys_getppid (struct thread *td, struct getppid_args *uap)
 
int sys_getpgrp (struct thread *td, struct getpgrp_args *uap)
 
int sys_getpgid (struct thread *td, struct getpgid_args *uap)
 
int sys_getsid (struct thread *td, struct getsid_args *uap)
 
int sys_getuid (struct thread *td, struct getuid_args *uap)
 
int sys_geteuid (struct thread *td, struct geteuid_args *uap)
 
int sys_getgid (struct thread *td, struct getgid_args *uap)
 
int sys_getegid (struct thread *td, struct getegid_args *uap)
 
int sys_getgroups (struct thread *td, register struct getgroups_args *uap)
 
int kern_getgroups (struct thread *td, u_int *ngrp, gid_t *groups)
 
int sys_setsid (register struct thread *td, struct setsid_args *uap)
 
int sys_setpgid (struct thread *td, register struct setpgid_args *uap)
 
int sys_setuid (struct thread *td, struct setuid_args *uap)
 
int sys_seteuid (struct thread *td, struct seteuid_args *uap)
 
int sys_setgid (struct thread *td, struct setgid_args *uap)
 
int sys_setegid (struct thread *td, struct setegid_args *uap)
 
int sys_setgroups (struct thread *td, struct setgroups_args *uap)
 
int kern_setgroups (struct thread *td, u_int ngrp, gid_t *groups)
 
int sys_setreuid (register struct thread *td, struct setreuid_args *uap)
 
int sys_setregid (register struct thread *td, struct setregid_args *uap)
 
int sys_setresuid (register struct thread *td, struct setresuid_args *uap)
 
int sys_setresgid (register struct thread *td, struct setresgid_args *uap)
 
int sys_getresuid (register struct thread *td, struct getresuid_args *uap)
 
int sys_getresgid (register struct thread *td, struct getresgid_args *uap)
 
int sys_issetugid (register struct thread *td, struct issetugid_args *uap)
 
int sys___setugid (struct thread *td, struct __setugid_args *uap)
 
int groupmember (gid_t gid, struct ucred *cred)
 
int securelevel_gt (struct ucred *cr, int level)
 
int securelevel_ge (struct ucred *cr, int level)
 
 SYSCTL_INT (_security_bsd, OID_AUTO, see_other_uids, CTLFLAG_RW,&see_other_uids, 0,"Unprivileged processes may see subjects/objects with different real uid")
 
static int cr_seeotheruids (struct ucred *u1, struct ucred *u2)
 
 SYSCTL_INT (_security_bsd, OID_AUTO, see_other_gids, CTLFLAG_RW,&see_other_gids, 0,"Unprivileged processes may see subjects/objects with different real gid")
 
static int cr_seeothergids (struct ucred *u1, struct ucred *u2)
 
int cr_cansee (struct ucred *u1, struct ucred *u2)
 
int p_cansee (struct thread *td, struct proc *p)
 
 SYSCTL_INT (_security_bsd, OID_AUTO, conservative_signals, CTLFLAG_RW,&conservative_signals, 0,"Unprivileged processes prevented from ""sending certain signals to processes whose credentials have changed")
 
int cr_cansignal (struct ucred *cred, struct proc *proc, int signum)
 
int p_cansignal (struct thread *td, struct proc *p, int signum)
 
int p_cansched (struct thread *td, struct proc *p)
 
 SYSCTL_INT (_security_bsd, OID_AUTO, unprivileged_proc_debug, CTLFLAG_RW,&unprivileged_proc_debug, 0,"Unprivileged processes may use process debugging facilities")
 
int p_candebug (struct thread *td, struct proc *p)
 
int cr_canseesocket (struct ucred *cred, struct socket *so)
 
int p_canwait (struct thread *td, struct proc *p)
 
struct ucred * crget (void)
 
struct ucred * crhold (struct ucred *cr)
 
void crfree (struct ucred *cr)
 
int crshared (struct ucred *cr)
 
void crcopy (struct ucred *dest, struct ucred *src)
 
struct ucred * crdup (struct ucred *cr)
 
void cru2x (struct ucred *cr, struct xucred *xcr)
 
void cred_update_thread (struct thread *td)
 
struct ucred * crcopysafe (struct proc *p, struct ucred *cr)
 
void crextend (struct ucred *cr, int n)
 
void crsetgroups (struct ucred *cr, int ngrp, gid_t *groups)
 
int sys_getlogin (struct thread *td, struct getlogin_args *uap)
 
int sys_setlogin (struct thread *td, struct setlogin_args *uap)
 
void setsugid (struct proc *p)
 
void change_euid (struct ucred *newcred, struct uidinfo *euip)
 
void change_egid (struct ucred *newcred, gid_t egid)
 
void change_ruid (struct ucred *newcred, struct uidinfo *ruip)
 
void change_rgid (struct ucred *newcred, gid_t rgid)
 
void change_svuid (struct ucred *newcred, uid_t svuid)
 
void change_svgid (struct ucred *newcred, gid_t svgid)
 

Variables

static int see_other_uids = 1
 
static int see_other_gids = 1
 
static int conservative_signals = 1
 
static int unprivileged_proc_debug = 1
 

Macro Definition Documentation

#define POSIX_APPENDIX_B_4_2_2

Definition at line 485 of file kern_prot.c.

Referenced by sys_setgid(), and sys_setuid().

Function Documentation

__FBSDID ( "$BSDSUniX$"  )
void change_egid ( struct ucred *  newcred,
gid_t  egid 
)

Definition at line 2159 of file kern_prot.c.

Referenced by do_execve(), sys_setegid(), sys_setgid(), sys_setregid(), and sys_setresgid().

Here is the caller graph for this function:

void change_euid ( struct ucred *  newcred,
struct uidinfo *  euip 
)

Definition at line 2143 of file kern_prot.c.

References uifree(), and uihold().

Referenced by do_execve(), sys_seteuid(), sys_setresuid(), sys_setreuid(), and sys_setuid().

Here is the call graph for this function:

Here is the caller graph for this function:

void change_rgid ( struct ucred *  newcred,
gid_t  rgid 
)

Definition at line 2192 of file kern_prot.c.

Referenced by sys_setgid(), sys_setregid(), and sys_setresgid().

Here is the caller graph for this function:

void change_ruid ( struct ucred *  newcred,
struct uidinfo *  ruip 
)

Definition at line 2174 of file kern_prot.c.

References chgproccnt(), uifree(), and uihold().

Referenced by sys_setresuid(), sys_setreuid(), and sys_setuid().

Here is the call graph for this function:

Here is the caller graph for this function:

void change_svgid ( struct ucred *  newcred,
gid_t  svgid 
)

Definition at line 2218 of file kern_prot.c.

Referenced by do_execve(), sys_setgid(), sys_setregid(), and sys_setresgid().

Here is the caller graph for this function:

void change_svuid ( struct ucred *  newcred,
uid_t  svuid 
)

Definition at line 2205 of file kern_prot.c.

Referenced by do_execve(), sys_setresuid(), sys_setreuid(), and sys_setuid().

Here is the caller graph for this function:

int cr_cansee ( struct ucred *  u1,
struct ucred *  u2 
)

Definition at line 1401 of file kern_prot.c.

References cr_seeothergids(), cr_seeotheruids(), and prison_check().

Referenced by p_cansee(), and unp_pcblist().

Here is the call graph for this function:

Here is the caller graph for this function:

int cr_canseesocket ( struct ucred *  cred,
struct socket *  so 
)

Definition at line 1721 of file kern_prot.c.

References cr_seeothergids(), cr_seeotheruids(), and prison_check().

Here is the call graph for this function:

int cr_cansignal ( struct ucred *  cred,
struct proc *  proc,
int  signum 
)

Definition at line 1456 of file kern_prot.c.

References conservative_signals, cr_seeothergids(), cr_seeotheruids(), prison_check(), and priv_check_cred().

Referenced by p_cansignal().

Here is the call graph for this function:

Here is the caller graph for this function:

static int cr_seeothergids ( struct ucred *  u1,
struct ucred *  u2 
)
static

Definition at line 1373 of file kern_prot.c.

References groupmember(), priv_check_cred(), and see_other_gids.

Referenced by cr_cansee(), cr_canseesocket(), cr_cansignal(), p_candebug(), and p_cansched().

Here is the call graph for this function:

Here is the caller graph for this function:

static int cr_seeotheruids ( struct ucred *  u1,
struct ucred *  u2 
)
static

Definition at line 1343 of file kern_prot.c.

References priv_check_cred(), and see_other_uids.

Referenced by cr_cansee(), cr_canseesocket(), cr_cansignal(), p_candebug(), p_cansched(), and p_canwait().

Here is the call graph for this function:

Here is the caller graph for this function:

void crcopy ( struct ucred *  dest,
struct ucred *  src 
)

Definition at line 1882 of file kern_prot.c.

References crsetgroups(), crshared(), prison_hold(), and uihold().

Referenced by crcopysafe(), crdup(), create_init(), and do_jail_attach().

Here is the call graph for this function:

Here is the caller graph for this function:

struct ucred* crcopysafe ( struct proc *  p,
struct ucred *  cr 
)

Definition at line 1953 of file kern_prot.c.

References crcopy(), and crextend().

Referenced by do_execve(), kern_setgroups(), sys_setegid(), sys_seteuid(), sys_setgid(), sys_setloginclass(), sys_setregid(), sys_setresgid(), sys_setresuid(), sys_setreuid(), and sys_setuid().

Here is the call graph for this function:

Here is the caller graph for this function:

struct ucred* crdup ( struct ucred *  cr)

Definition at line 1906 of file kern_prot.c.

References crcopy(), and crget().

Referenced by kern_accessat(), and vfs_mount_alloc().

Here is the call graph for this function:

Here is the caller graph for this function:

void cred_update_thread ( struct thread *  td)

Definition at line 1938 of file kern_prot.c.

References crfree(), and crhold().

Referenced by ast(), create_init(), and syscallenter().

Here is the call graph for this function:

Here is the caller graph for this function:

void crextend ( struct ucred *  cr,
int  n 
)

Definition at line 1977 of file kern_prot.c.

References free(), and malloc().

Referenced by crcopysafe(), crget(), crsetgroups(), and kern_setgroups().

Here is the call graph for this function:

Here is the caller graph for this function:

void crfree ( struct ucred *  cr)

Definition at line 1835 of file kern_prot.c.

References free(), loginclass_free(), prison_free(), and uifree().

Referenced by _fdrop(), acct_disable(), aio_free_entry(), alq_shutdown(), create_init(), create_thread(), cred_update_thread(), do_execve(), do_jail_attach(), fsetown(), funsetown(), funsetownlst(), getnewbuf_reuse_bp(), kern_accessat(), kern_msgctl(), kern_semctl(), kern_setgroups(), proc_reap(), ptsdrv_free(), shm_deallocate_segment(), sodealloc(), sys_ktrace(), sys_setegid(), sys_seteuid(), sys_setgid(), sys_setloginclass(), sys_setregid(), sys_setresgid(), sys_setresuid(), sys_setreuid(), sys_setuid(), sysctl_kern_proc_groups(), thread_reap(), thread_wait(), vfs_free_addrlist(), vfs_free_netcred(), and vfs_mount_destroy().

Here is the call graph for this function:

Here is the caller graph for this function:

struct ucred* crget ( void  )

Definition at line 1804 of file kern_prot.c.

References crextend(), and malloc().

Referenced by crdup(), create_init(), do_execve(), do_jail_attach(), kern_setgroups(), proc0_init(), sys_setegid(), sys_seteuid(), sys_setgid(), sys_setloginclass(), sys_setregid(), sys_setresgid(), sys_setresuid(), sys_setreuid(), sys_setuid(), and vfs_hang_addrlist().

Here is the call graph for this function:

Here is the caller graph for this function:

struct ucred* crhold ( struct ucred *  cr)

Definition at line 1824 of file kern_prot.c.

Referenced by aio_aqueue(), alq_open_flags(), breada(), breadn_flags(), cluster_wbuild_gb(), create_thread(), cred_update_thread(), do_fork(), falloc_noinstall(), fsetown(), kthread_add(), make_dev_credv(), proc0_init(), pts_alloc(), pts_alloc_external(), shmget_allocate_segment(), socreate(), sonewconn(), sys_acct(), sys_msgget(), sys_semget(), sysctl_kern_proc_groups(), and vfs_stdcheckexp().

Here is the caller graph for this function:

void crsetgroups ( struct ucred *  cr,
int  ngrp,
gid_t *  groups 
)

Definition at line 2052 of file kern_prot.c.

References crextend(), crsetgroups_locked(), and ngroups_max.

Referenced by crcopy(), and vfs_hang_addrlist().

Here is the call graph for this function:

Here is the caller graph for this function:

static void crsetgroups_locked ( struct ucred *  cr,
int  ngrp,
gid_t *  groups 
)
static

Definition at line 2020 of file kern_prot.c.

Referenced by crsetgroups(), and kern_setgroups().

Here is the caller graph for this function:

int crshared ( struct ucred *  cr)

Definition at line 1872 of file kern_prot.c.

Referenced by crcopy().

Here is the caller graph for this function:

void cru2x ( struct ucred *  cr,
struct xucred *  xcr 
)

Definition at line 1919 of file kern_prot.c.

Referenced by uipc_listen(), and unp_connect().

Here is the caller graph for this function:

int groupmember ( gid_t  gid,
struct ucred *  cred 
)

Definition at line 1267 of file kern_prot.c.

Referenced by _acl_denies(), can_hardlink(), cr_seeothergids(), ipcperm(), ksem_chown(), mqf_chown(), mqfs_setattr(), p_candebug(), shm_chown(), vaccess(), and vaccess_acl_posix1e().

Here is the caller graph for this function:

int kern_getgroups ( struct thread *  td,
u_int *  ngrp,
gid_t *  groups 
)

Definition at line 313 of file kern_prot.c.

Referenced by sys_getgroups().

Here is the caller graph for this function:

int kern_setgroups ( struct thread *  td,
u_int  ngrp,
gid_t *  groups 
)

Definition at line 827 of file kern_prot.c.

References crcopysafe(), crextend(), crfree(), crget(), crsetgroups_locked(), ngroups_max, priv_check_cred(), and setsugid().

Referenced by sys_setgroups().

Here is the call graph for this function:

Here is the caller graph for this function:

static MALLOC_DEFINE ( M_CRED  ,
"cred"  ,
"credentials"   
)
static
int p_candebug ( struct thread *  td,
struct proc *  p 
)

Definition at line 1627 of file kern_prot.c.

References cr_seeothergids(), cr_seeotheruids(), groupmember(), initproc, prison_check(), priv_check(), securelevel_gt(), and unprivileged_proc_debug.

Referenced by kern_ptrace(), and pget().

Here is the call graph for this function:

Here is the caller graph for this function:

int p_cansched ( struct thread *  td,
struct proc *  p 
)

Definition at line 1575 of file kern_prot.c.

References cr_seeothergids(), cr_seeotheruids(), prison_check(), and priv_check().

Referenced by cpuset_which(), donice(), protect_setchild(), sys_rtprio(), and sys_rtprio_thread().

Here is the call graph for this function:

Here is the caller graph for this function:

int p_cansee ( struct thread *  td,
struct proc *  p 
)

Definition at line 1426 of file kern_prot.c.

References cr_cansee().

Referenced by filt_procattach(), kern_procctl(), kern_ptrace(), pget(), sys_getpgid(), sys_getpriority(), sys_getsid(), sys_ktrace(), sys_rtprio(), sys_rtprio_thread(), sys_setpgid(), sys_setpriority(), sysctl_kern_file(), and sysctl_kern_proc().

Here is the call graph for this function:

Here is the caller graph for this function:

int p_cansignal ( struct thread *  td,
struct proc *  p,
int  signum 
)

Definition at line 1534 of file kern_prot.c.

References cr_cansignal().

Referenced by killpg1(), sys_kill(), sys_pdkill(), sys_sigqueue(), and sys_thr_kill2().

Here is the call graph for this function:

Here is the caller graph for this function:

int p_canwait ( struct thread *  td,
struct proc *  p 
)

Definition at line 1779 of file kern_prot.c.

References cr_seeotheruids(), and prison_check().

Referenced by proc_to_reap().

Here is the call graph for this function:

Here is the caller graph for this function:

int securelevel_ge ( struct ucred *  cr,
int  level 
)

Definition at line 1317 of file kern_prot.c.

int securelevel_gt ( struct ucred *  cr,
int  level 
)

Definition at line 1310 of file kern_prot.c.

Referenced by firmware_get(), kern_kldload(), kern_kldunload(), p_candebug(), settime(), and sysctl_root().

Here is the caller graph for this function:

void setsugid ( struct proc *  p)

Definition at line 2127 of file kern_prot.c.

Referenced by do_execve(), do_jail_attach(), kern_setgroups(), sys_setegid(), sys_seteuid(), sys_setgid(), sys_setregid(), sys_setresgid(), sys_setresuid(), sys_setreuid(), and sys_setuid().

Here is the caller graph for this function:

int sys___setugid ( struct thread *  td,
struct __setugid_args *  uap 
)

Definition at line 1237 of file kern_prot.c.

int sys_getegid ( struct thread *  td,
struct getegid_args uap 
)

Definition at line 272 of file kern_prot.c.

int sys_geteuid ( struct thread *  td,
struct geteuid_args uap 
)

Definition at line 236 of file kern_prot.c.

int sys_getgid ( struct thread *  td,
struct getgid_args uap 
)

Definition at line 250 of file kern_prot.c.

int sys_getgroups ( struct thread *  td,
register struct getgroups_args uap 
)

Definition at line 286 of file kern_prot.c.

References free(), getgroups_args::gidset, getgroups_args::gidsetsize, kern_getgroups(), and malloc().

Here is the call graph for this function:

int sys_getlogin ( struct thread *  td,
struct getlogin_args uap 
)

Definition at line 2073 of file kern_prot.c.

References getlogin_args::namebuf, and getlogin_args::namelen.

int sys_getpgid ( struct thread *  td,
struct getpgid_args uap 
)

Definition at line 157 of file kern_prot.c.

References p_cansee(), pfind(), and getpgid_args::pid.

Here is the call graph for this function:

int sys_getpgrp ( struct thread *  td,
struct getpgrp_args uap 
)

Definition at line 140 of file kern_prot.c.

int sys_getpid ( struct thread *  td,
struct getpid_args uap 
)

Definition at line 101 of file kern_prot.c.

int sys_getppid ( struct thread *  td,
struct getppid_args uap 
)

Definition at line 121 of file kern_prot.c.

int sys_getresgid ( register struct thread *  td,
struct getresgid_args uap 
)

Definition at line 1193 of file kern_prot.c.

References getresgid_args::egid, getresgid_args::rgid, and getresgid_args::sgid.

int sys_getresuid ( register struct thread *  td,
struct getresuid_args uap 
)

Definition at line 1166 of file kern_prot.c.

References getresuid_args::euid, getresuid_args::ruid, and getresuid_args::suid.

int sys_getsid ( struct thread *  td,
struct getsid_args uap 
)

Definition at line 189 of file kern_prot.c.

References p_cansee(), pfind(), and getsid_args::pid.

Here is the call graph for this function:

int sys_getuid ( struct thread *  td,
struct getuid_args uap 
)

Definition at line 219 of file kern_prot.c.

int sys_issetugid ( register struct thread *  td,
struct issetugid_args uap 
)

Definition at line 1218 of file kern_prot.c.

int sys_setegid ( struct thread *  td,
struct setegid_args uap 
)

Definition at line 762 of file kern_prot.c.

References change_egid(), crcopysafe(), crfree(), crget(), setegid_args::egid, priv_check_cred(), and setsugid().

Here is the call graph for this function:

int sys_seteuid ( struct thread *  td,
struct seteuid_args uap 
)

Definition at line 608 of file kern_prot.c.

References change_euid(), crcopysafe(), crfree(), crget(), seteuid_args::euid, priv_check_cred(), setsugid(), uifind(), and uifree().

Here is the call graph for this function:

int sys_setgid ( struct thread *  td,
struct setgid_args uap 
)

Definition at line 664 of file kern_prot.c.

References change_egid(), change_rgid(), change_svgid(), crcopysafe(), crfree(), crget(), setgid_args::gid, POSIX_APPENDIX_B_4_2_2, priv_check_cred(), and setsugid().

Here is the call graph for this function:

int sys_setgroups ( struct thread *  td,
struct setgroups_args uap 
)

Definition at line 809 of file kern_prot.c.

References free(), setgroups_args::gidset, setgroups_args::gidsetsize, kern_setgroups(), malloc(), and ngroups_max.

Here is the call graph for this function:

int sys_setlogin ( struct thread *  td,
struct setlogin_args uap 
)

Definition at line 2101 of file kern_prot.c.

References CTASSERT(), setlogin_args::namebuf, and priv_check().

Here is the call graph for this function:

int sys_setpgid ( struct thread *  td,
register struct setpgid_args uap 
)

Definition at line 394 of file kern_prot.c.

References enterpgrp(), enterthispgrp(), free(), inferior(), malloc(), p_cansee(), pfind(), pgfind(), setpgid_args::pgid, setpgid_args::pid, and proctree_lock.

Here is the call graph for this function:

int sys_setregid ( register struct thread *  td,
struct setregid_args uap 
)

Definition at line 952 of file kern_prot.c.

References change_egid(), change_rgid(), change_svgid(), crcopysafe(), crfree(), crget(), setregid_args::egid, priv_check_cred(), setregid_args::rgid, and setsugid().

Here is the call graph for this function:

int sys_setresgid ( register struct thread *  td,
struct setresgid_args uap 
)

Definition at line 1099 of file kern_prot.c.

References change_egid(), change_rgid(), change_svgid(), crcopysafe(), crfree(), crget(), setresgid_args::egid, priv_check_cred(), setresgid_args::rgid, setsugid(), and setresgid_args::sgid.

Here is the call graph for this function:

int sys_setresuid ( register struct thread *  td,
struct setresuid_args uap 
)

Definition at line 1017 of file kern_prot.c.

References change_euid(), change_ruid(), change_svuid(), crcopysafe(), crfree(), crget(), setresuid_args::euid, priv_check_cred(), setresuid_args::ruid, setsugid(), setresuid_args::suid, uifind(), and uifree().

Here is the call graph for this function:

int sys_setreuid ( register struct thread *  td,
struct setreuid_args uap 
)

Definition at line 882 of file kern_prot.c.

References change_euid(), change_ruid(), change_svuid(), crcopysafe(), crfree(), crget(), setreuid_args::euid, priv_check_cred(), setreuid_args::ruid, setsugid(), uifind(), and uifree().

Here is the call graph for this function:

int sys_setsid ( register struct thread *  td,
struct setsid_args uap 
)

Definition at line 336 of file kern_prot.c.

References enterpgrp(), free(), malloc(), pgfind(), and proctree_lock.

Referenced by aio_daemon().

Here is the call graph for this function:

Here is the caller graph for this function:

int sys_setuid ( struct thread *  td,
struct setuid_args uap 
)

Definition at line 494 of file kern_prot.c.

References change_euid(), change_ruid(), change_svuid(), crcopysafe(), crfree(), crget(), POSIX_APPENDIX_B_4_2_2, priv_check_cred(), setsugid(), setuid_args::uid, uifind(), and uifree().

Here is the call graph for this function:

SYSCTL_INT ( _security_bsd  ,
OID_AUTO  ,
see_other_uids  ,
CTLFLAG_RW  ,
see_other_uids,
,
"Unprivileged processes may see subjects/objects with different real uid"   
)
SYSCTL_INT ( _security_bsd  ,
OID_AUTO  ,
see_other_gids  ,
CTLFLAG_RW  ,
see_other_gids,
,
"Unprivileged processes may see subjects/objects with different real gid"   
)
SYSCTL_INT ( _security_bsd  ,
OID_AUTO  ,
conservative_signals  ,
CTLFLAG_RW  ,
conservative_signals,
,
"Unprivileged processes prevented from ""sending certain signals to processes whose credentials have changed"   
)
SYSCTL_INT ( _security_bsd  ,
OID_AUTO  ,
unprivileged_proc_debug  ,
CTLFLAG_RW  ,
unprivileged_proc_debug,
,
"Unprivileged processes may use process debugging facilities"   
)
SYSCTL_NODE ( _security  ,
OID_AUTO  ,
bsd  ,
CTLFLAG_RW  ,
,
"BSD security policy"   
)

Variable Documentation

int conservative_signals = 1
static

Definition at line 1445 of file kern_prot.c.

Referenced by cr_cansignal().

int see_other_gids = 1
static

Definition at line 1359 of file kern_prot.c.

Referenced by cr_seeothergids().

int see_other_uids = 1
static

Definition at line 1329 of file kern_prot.c.

Referenced by cr_seeotheruids().

int unprivileged_proc_debug = 1
static

Definition at line 1613 of file kern_prot.c.

Referenced by p_candebug().