Date: Thu, 17 Sep 1998 21:44:18 -0400
To: freebsd-stable@FreeBSD.ORG
From: Dan Swartzendruber
Subject: quotas and setuid
Message-Id: <3.0.5.32.19980917214418.009427f0@mail.kersur.net>

Back in December '97, I opened PR kern/5285. This was a bug wherein a program doing setuid() apparently retained the original credential across the setuid() call, so if, for example, a setuid-root executable (which at that time, as I recall, was not subject to quota enforcement) did setuid() to another UID, even if that UID was over-quota for the filesystem, writes causing file size to grow would succeed. I never got any response apart from the original automailer acknowledgment. It has been the better part of a year, and the systems in question are now running 2.2.7, so I decided to try the experiment again (sending email to a user whose UID is overquota for the mail spool filesystem). Whereas originally, the mail would be appended to the POP mailbox with no error, it now is being bounced with a "quota exceeded" message.

I groveled through some of the quota-related code (particularly that in the setuid() and exec code), and it does now seem to be changing the credential information. Can any of the developers clarify the status of this? If this has in fact been fixed, it was not presumably in response to my PR, else that would not have been left open. In such case, presumably whoever confirms this could then close kern-5285.
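A regression probe for the behaviour described in the message, as an added example that is not part of the original post or of FreeBSD's code: started as root, it forks, calls setuid() to the given UID, appends to a file and reports the resulting errno, so an over-quota UID should yield EDQUOT. The name `append_as_uid` and the 1 MiB write size are assumptions, and the file is assumed to exist, be owned by the target UID and live on the quota-enabled filesystem.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork, switch the child to `uid`, then append `len` zero bytes to `path`.
 * Returns 0 if the append succeeded, the child's errno (EDQUOT when quota
 * is enforced) if it failed, or -1 if the probe itself could not run. */
int append_as_uid(const char *path, uid_t uid, size_t len)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (setuid(uid) != 0)
            _exit(errno);
        /* Both real and effective UID must now be the target UID. */
        if (getuid() != uid || geteuid() != uid)
            _exit(EPERM);
        int fd = open(path, O_WRONLY | O_APPEND);
        if (fd < 0)
            _exit(errno);
        char *buf = calloc(1, len);
        if (buf == NULL)
            _exit(ENOMEM);
        for (size_t off = 0; off < len; ) {
            ssize_t n = write(fd, buf + off, len - off);
            if (n <= 0)
                _exit(n < 0 ? errno : EIO);
            off += (size_t)n;
        }
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s FILE UID\n", argv[0]); return 2; }
    int rc = append_as_uid(argv[1], (uid_t)strtoul(argv[2], NULL, 10), 1 << 20);
    printf("append as uid %s: %s\n", argv[2],
           rc == 0 ? "succeeded" : rc < 0 ? "probe failed" : strerror(rc));
    return rc == EDQUOT ? 0 : 1;   /* exit 0 only when quota was enforced */
}
```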