1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-02 08:42:48 +00:00

Now that the kernel access control for quotactl(2) appears to work

properly, clean up quota(1).  quota(1) has the ability to query
quotas either directly from the kernel, or if that fails, by reading
the quota.user or quota.group files specified for the file system
in /etc/fstab.  The setuid bit existed solely (apparently) to let
non-operator users query their quotas and consumption when quotas
weren't enabled for the file system.

o Remove the setuid bit from quota(1).

o Remove the logic used by quota(1) when running setuid to prevent
  users from querying the quotas of other users or groups.  Note
  that this papered over previously broken kernel access control;
  if you queried directly using the system call, you could access
  some of the data "restricted" by quota(1).

In the new world order, the ability to inspect the (live) quotas of
other uids and gids via the kernel is controlled by the privilege
requirement sysctl.  The ability to query via the file is controlled
by the file permissions on the quota database backing files
(root:operator, group readable by default).
This commit is contained in:
Robert Watson 2003-06-15 06:54:36 +00:00
parent 41b0d1a064
commit aee1b42ab6
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=116386

View File

@ -197,14 +197,12 @@ static void
showuid(u_long uid)
{
struct passwd *pwd = getpwuid(uid);
u_long myuid;
const char *name;
if (pwd == NULL)
name = "(no account)";
else
name = pwd->pw_name;
myuid = getuid();
showquotas(USRQUOTA, uid, name);
}
@ -215,13 +213,11 @@ static void
showusrname(char *name)
{
struct passwd *pwd = getpwnam(name);
u_long myuid;
if (pwd == NULL) {
warnx("%s: unknown user", name);
return;
}
myuid = getuid();
showquotas(USRQUOTA, pwd->pw_uid, name);
}
@ -232,26 +228,12 @@ static void
showgid(u_long gid)
{
struct group *grp = getgrgid(gid);
int ngroups;
gid_t mygid, gidset[NGROUPS];
int i;
const char *name;
if (grp == NULL)
name = "(no entry)";
else
name = grp->gr_name;
mygid = getgid();
ngroups = getgroups(NGROUPS, gidset);
if (ngroups < 0) {
warn("getgroups");
return;
}
if (gid != mygid) {
for (i = 0; i < ngroups; i++)
if (gid == gidset[i])
break;
}
showquotas(GRPQUOTA, gid, name);
}
@ -262,25 +244,11 @@ static void
showgrpname(char *name)
{
struct group *grp = getgrnam(name);
int ngroups;
gid_t mygid, gidset[NGROUPS];
int i;
if (grp == NULL) {
warnx("%s: unknown group", name);
return;
}
mygid = getgid();
ngroups = getgroups(NGROUPS, gidset);
if (ngroups < 0) {
warn("getgroups");
return;
}
if (grp->gr_gid != mygid) {
for (i = 0; i < ngroups; i++)
if (grp->gr_gid == gidset[i])
break;
}
showquotas(GRPQUOTA, grp->gr_gid, name);
}