From owner-freebsd-bugs Sat Dec 13 16:30:06 1997
Return-Path:
Received: (from root@localhost)
	by hub.freebsd.org (8.8.7/8.8.7) id QAA27854
	for bugs-outgoing; Sat, 13 Dec 1997 16:30:06 -0800 (PST)
	(envelope-from owner-freebsd-bugs)
Received: (from gnats@localhost)
	by hub.freebsd.org (8.8.7/8.8.7) id QAA27840;
	Sat, 13 Dec 1997 16:30:03 -0800 (PST)
	(envelope-from gnats)
Resent-Date: Sat, 13 Dec 1997 16:30:03 -0800 (PST)
Resent-Message-Id: <199712140030.QAA27840@hub.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, dswartz@druber.com
Received: (from nobody@localhost)
	by hub.freebsd.org (8.8.7/8.8.7) id QAA27443;
	Sat, 13 Dec 1997 16:26:35 -0800 (PST)
	(envelope-from nobody)
Message-Id: <199712140026.QAA27443@hub.freebsd.org>
Date: Sat, 13 Dec 1997 16:26:35 -0800 (PST)
From: dswartz@druber.com
To: freebsd-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: www-1.0
Subject: kern/5285: quotas do not work properly with setuid programs.
Sender: owner-freebsd-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>Number:         5285
>Category:       kern
>Synopsis:       quotas do not work properly with setuid programs.
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Dec 13 16:30:01 PST 1997
>Last-Modified:
>Originator:     Dan Swartzendruber
>Organization:   Swartzendruber Consulting
>Release:        2.2.5
>Environment:
FreeBSD mail2.kersur.net 2.2.5-RELEASE FreeBSD 2.2.5-RELEASE #1: Thu Dec 11 18:11:52 EST 1997 root@mail2.kersur.net:/usr/src/sys/compile/MAIL i386
>Description:
Apparently, the quota checking code in ufs/ufs/ufs_quota.c (possibly
elsewhere, this is just what I happened to see) does not apply quota to
UID 0, which is not unreasonable. However, it checks the UID in the
current credential, *not* the current mode the process is in, so a setuid
program that becomes non-privileged does not have that UID quota applied
to it.

This is related to a similar problem report that was made vs
sendmail/mail.local. The proposed fix does not work, for the reasons I
have already described.
>How-To-Repeat:
Write a "C" program that does setuid(xxx), where xxx is a UID that is
over quota on some filesystem. Have that program create and write to a
file on that filesystem after doing said setuid(). It will work.
>Fix:
Dunno.
>Audit-Trail:
>Unformatted:
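
The How-To-Repeat steps written as a regression check, added here as an example and not part of the original report. The name `write_as_uid`, the 1 MiB write size and the command-line arguments are choices made for this example; it assumes it is run as root, with a UID that is already over quota on the filesystem holding the target path.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork, setuid(uid) in the child, then create `path` and write `nbytes`.
 * Returns 0 if every write succeeded, the child's errno if a step failed
 * (EDQUOT means the quota was enforced), or -1 if the harness failed. */
int write_as_uid(uid_t uid, const char *path, size_t nbytes)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char buf[4096];
        memset(buf, 'q', sizeof buf);
        if (setuid(uid) != 0)           /* drop to the target UID */
            _exit(errno);
        int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
        if (fd < 0)
            _exit(errno);
        while (nbytes > 0) {
            size_t chunk = nbytes < sizeof buf ? nbytes : sizeof buf;
            ssize_t n = write(fd, buf, chunk);
            if (n < 0)
                _exit(errno);
            nbytes -= (size_t)n;
        }
        _exit(close(fd) == 0 ? 0 : errno);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* usage: ./quota_check <uid> <path>   (run as root; uid must be over quota) */
int main(int argc, char **argv)
{
    if (argc != 3)
        return 2;
    int rc = write_as_uid((uid_t)atoi(argv[1]), argv[2], 1 << 20);
    printf("%s\n", rc == 0 ? "write succeeded: quota NOT applied"
                   : rc == EDQUOT ? "EDQUOT: quota applied" : "other failure");
    return rc == EDQUOT ? 0 : 1;
}
```

On a system showing the behaviour reported here the program prints "write succeeded"; once the quota is charged to the UID the process has switched to, it prints "EDQUOT" and exits 0, so it can be kept as a pass/fail check.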