Date: Fri, 30 Jun 2006 18:44:10 GMT From: Jui-Nan Lin <jnlin@csie.nctu.edu.tw> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/99662: quota information leak while rpc.rquotad is used Message-ID: <200606301844.k5UIiAxl075111@www.freebsd.org> Resent-Message-ID: <200606301920.k5UJKEmX077324@freefall.freebsd.org>
index | next in thread | raw e-mail
>Number: 99662
>Category: bin
>Synopsis: quota information leak while rpc.rquotad is used
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jun 30 19:20:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Jui-Nan Lin
>Release: 6.0-RELEASE
>Organization:
Department of Computer Science, NCTU
>Environment:
FreeBSD cchome 6.0-RELEASE-p7 FreeBSD 6.0-RELEASE-p7 #3: Sun Apr 30 05:53:52 CST 2006 root@cchome.csie.nctu.edu.tw:/usr/obj/usr/src/sys/CCHOME i386
>Description:
When I try to query other user's quota in the NFS server, it told me "quota: /raid/quota.user: Permission denied". But when I try to query other user's quota in the NFS client, it will return his/her quota.
>How-To-Repeat:
nfsserver% quota -v someuser
quota: /raid/quota.user: Permission denied
nfsclient% quota -v someuser
Disk quotas for user someuser (uid xxxxx):
Filesystem usage quota limit grace files quota limit grace
/amd/raid 17178 120000 150000 1406 12000 15000
>Fix:
In FreeBSD 4.x, the problem is solved by checking uid in src/usr.bin/quota/quota.c. But I think it would be better if we check the uid in the rpc.rquotad. But I am not familiar with SUNRPC, and I don't know if there will be the uid information transmitted in the RPC request/reponse.
>Release-Note:
>Audit-Trail:
>Unformatted:
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200606301844.k5UIiAxl075111>