From owner-cvs-all@FreeBSD.ORG Sat Jun 14 23:36:20 2003 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7A0EC37B401; Sat, 14 Jun 2003 23:36:20 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1FC0943FA3; Sat, 14 Jun 2003 23:36:20 -0700 (PDT) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h5F6aJ0U075390; Sat, 14 Jun 2003 23:36:19 -0700 (PDT) (envelope-from rwatson@repoman.freebsd.org) Received: (from rwatson@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h5F6aJ8K075389; Sat, 14 Jun 2003 23:36:19 -0700 (PDT) Message-Id: <200306150636.h5F6aJ8K075389@repoman.freebsd.org> From: Robert Watson Date: Sat, 14 Jun 2003 23:36:19 -0700 (PDT) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: HEAD Subject: cvs commit: src/sys/ufs/ufs quota.h ufs_quota.c ufs_vfsops.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Jun 2003 06:36:21 -0000 rwatson 2003/06/14 23:36:19 PDT FreeBSD src repository Modified files: sys/ufs/ufs quota.h ufs_quota.c ufs_vfsops.c Log: Re-implement kernel access control for quotactl() as found in the UFS quota implementation. Push some quite broken access control logic out of ufs_quotactl() into the individual command implementations in ufs_quota.c; fix that logic. Pass in the thread argument to any quotactl command that will need to perform access control. o quotaon() requires privilege (PRISON_ROOT). o quotaoff() requires privilege (PRISON_ROOT). o getquota() requires that: If the type is USRQUOTA, either the effective uid match the requested quota ID, that the unprivileged_get_quota flag be set, or that the thread be privileged (PRISON_ROOT). If the type is GRPQUOTA, require that either the thread be a member of the group represented by the requested quota ID, that the unprivileged_get_quota flag be set, or that the thread be privileged (PRISON_ROOT). o setquota() requires privilege (PRISON_ROOT). o setuse() requires privilege (PRISON_ROOT). o qsync() requires no special privilege (consistent with what was present before, but probably not very useful). Add a new sysctl, security.bsd.unprivileged_get_quota, which when set to a non-zero value, will permit unprivileged users to query user quotas with non-matching uids and gids. Set this to 0 by default to be mostly consistent with the previous behavior (the same for USRQUOTA, but not for GRPQUOTA). Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories Revision Changes Path 1.25 +3 -3 src/sys/ufs/ufs/quota.h 1.65 +51 -3 src/sys/ufs/ufs/ufs_quota.c 1.37 +4 -17 src/sys/ufs/ufs/ufs_vfsops.c