Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 14 Jun 2003 23:54:36 -0700 (PDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/usr.bin/quota quota.c
Message-ID:  <200306150654.h5F6saPd081323@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
rwatson     2003/06/14 23:54:36 PDT

  FreeBSD src repository

  Modified files:
    usr.bin/quota        quota.c 
  Log:
  Now that the kernel access control for quotactl(2) appears to work
  properly, clean up quota(1).  quota(1) has the ability to query
  quotas either directly from the kernel, or if that fails, by reading
  the quota.user or quota.group files specified for the file system
  in /etc/fstab.  The setuid bit existed solely (apparently) to let
  non-operator users query their quotas and consumption when quotas
  weren't enabled for the file system.
  
  o Remove the setuid bit from quota(1).
  
  o Remove the logic used by quota(1) when running setuid to prevent
    users from querying the quotas of other users or groups.  Note
    that this papered over previously broken kernel access control;
    if you queried directly using the system call, you could access
    some of the data "restricted" by quota(1).
  
  In the new world order, the ability to inspect the (live) quotas of
  other uids and gids via the kernel is controlled by the privilege
  requirement sysctl.  The ability to query via the file is controlled
  by the file permissions on the quota database backing files
  (root:operator, group readable by default).
  
  Revision  Changes    Path
  1.20      +0 -32     src/usr.bin/quota/quota.c



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200306150654.h5F6saPd081323>