xref: /netbsd-src/share/man/man9/secmodel_extensions.9 (revision 4805589d3d71e15740384c025252388e46737881) 
1.\" $NetBSD: secmodel_extensions.9,v 1.7 2022/03/27 16:36:11 christos Exp $
2.\"
3.\" Copyright (c) 2011 The NetBSD Foundation, Inc.
4.\" All rights reserved.
5.\"
6.\" This code is derived from software contributed to The NetBSD Foundation
7.\" by Jean-Yves Migeon <jym@NetBSD.org>
8.\"
9.\" Redistribution and use in source and binary forms, with or without
10.\" modification, are permitted provided that the following conditions
11.\" are met:
12.\" 1. Redistributions of source code must retain the above copyright
13.\"    notice, this list of conditions and the following disclaimer.
14.\" 2. Redistributions in binary form must reproduce the above copyright
15.\"    notice, this list of conditions and the following disclaimer in the
16.\"    documentation and/or other materials provided with the distribution.
17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
19.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
20.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
21.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
22.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28.\" POSSIBILITY OF SUCH DAMAGE.
29.\"
30.Dd March 27, 2022
31.Dt SECMODEL_EXTENSIONS 9
32.Os
33.Sh NAME
34.Nm secmodel_extensions
35.Nd extensions security model
36.Sh DESCRIPTION
37.Nm
38implements extensions to the traditional security model based on
39the original
40.Bx 4.4 .
41They can be used to grant additional privileges to ordinary users, or
42enable specific security measures like curtain mode.
43.Pp
44The extensions are described below.
45.Sh Curtain mode
46When enabled, all returned objects will be filtered according to
47the user-id requesting information about them, preventing users from
48accessing objects they do not own.
49.Pp
50It affects the output of many commands, including
51.Xr fstat 1 ,
52.Xr netstat 1 ,
53.Xr ps 1 ,
54.Xr sockstat 1 ,
55and
56.Xr w 1 .
57.Pp
58This extension is enabled by setting
59.Pa security.models.extensions.curtain
60or
61.Pa security.curtain
62.Xr sysctl 7
63to a non-zero value.
64.Pp
65It can be enabled at any time, but cannot be disabled
66anymore when the
67.Em securelevel
68of the system is above 0.
69.Sh Non-superuser mounts
70When enabled, it allows file-systems to be mounted by an ordinary user
71who owns the point
72.Ar node
73and has at least read access to the
74.Ar special
75device
76.Xr mount 8
77arguments.
78Note that the
79.Cm nosuid
80and
81.Cm nodev
82flags must be given for non-superuser mounts.
83.Pp
84This extension is enabled by setting
85.Pa security.models.extensions.usermount
86or
87.Pa vfs.generic.usermount
88.Xr sysctl 7
89to a non-zero value.
90.Pp
91It can be disabled at any time, but cannot be enabled
92anymore when the
93.Em securelevel
94of the system is above 0.
95.Sh Non-superuser control of CPU sets
96When enabled, an ordinary user is allowed to control the CPU
97.Xr affinity 3
98of the processes and threads they own.
99.Pp
100This extension is enabled by setting
101.Pa security.models.extensions.user_set_cpu_affinity
102.Xr sysctl 7
103to a non-zero value.
104.Pp
105It can be disabled at any time, but cannot be enabled
106anymore when the
107.Em securelevel
108of the system is above 0.
109.Sh Hardlink restrictions
110Prevent hardlinks to files that the user does not own or has group access
111to.
112.Pp
113To enable user ownership checks, set the
114.Xr sysctl 7
115variable
116.Pa security.models.extensions.hardlink_check_uid
117to a non-zero value.
118.Pp
119To enable group membership checks, set the
120.Xr sysctl 7
121variable
122.Pa security.models.extensions.hardlink_check_gid
123to a non-zero value.
124.Pp
125These variables can be enabled anytime, but cannot be disabled
126anymore when the
127.Em securelevel
128of the system is above 0.
129.Sh SEE ALSO
130.Xr affinity 3 ,
131.Xr sched 3 ,
132.Xr sysctl 7 ,
133.Xr kauth 9 ,
134.Xr secmodel 9 ,
135.Xr secmodel_bsd44 9 ,
136.Xr secmodel_securelevel 9 ,
137.Xr secmodel_suser 9
138.Sh AUTHORS
139.An Elad Efrat Aq Mt elad@NetBSD.org
140