From owner-p4-projects@FreeBSD.ORG Fri Feb 9 14:59:49 2007 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 4805916A40B; Fri, 9 Feb 2007 14:59:49 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2019516A407 for ; Fri, 9 Feb 2007 14:59:49 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.freebsd.org (Postfix) with ESMTP id 0D61213C4B3 for ; Fri, 9 Feb 2007 14:59:49 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id l19ExmbM033150 for ; Fri, 9 Feb 2007 14:59:48 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id l19ExmTp033147 for perforce@freebsd.org; Fri, 9 Feb 2007 14:59:48 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Fri, 9 Feb 2007 14:59:48 GMT Message-Id: <200702091459.l19ExmTp033147@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 114294 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Feb 2007 14:59:49 -0000 http://perforce.freebsd.org/chv.cgi?CH=114294 Change 114294 by rwatson@rwatson_cinnamon on 2007/02/09 14:59:00 Narrow scope of quota privileges allowed in jail by default: don't let superuser manipulate the usage counts or configuration of quotas. Affected files ... .. //depot/projects/trustedbsd/priv/sys/kern/kern_jail.c#14 edit .. //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#6 edit Differences ... ==== //depot/projects/trustedbsd/priv/sys/kern/kern_jail.c#14 (text+ko) ==== @@ -616,14 +616,11 @@ /* * Allow root in jail to manage a variety of quota - * properties. Some are a bit surprising and should be - * reconsidered. + * properties. These should likely be conditional on a + * configuration option. */ case PRIV_UFS_GETQUOTA: - case PRIV_UFS_QUOTAOFF: /* XXXRW: Slightly surprising. */ - case PRIV_UFS_QUOTAON: /* XXXRW: Slightly surprising. */ case PRIV_UFS_SETQUOTA: - case PRIV_UFS_SETUSE: /* XXXRW: Slightly surprising. */ /* * Since Jail relies on chroot() to implement file system ==== //depot/projects/trustedbsd/priv/sys/ufs/ufs/ufs_quota.c#6 (text+ko) ==== @@ -426,11 +426,7 @@ int error, flags; struct nameidata nd; - /* - * XXXRW: Can this be right? Jail is allowed to do this? - */ - error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAON, - SUSER_ALLOWJAIL); + error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAON, 0); if (error) return (error); @@ -524,11 +520,7 @@ struct inode *ip; int error; - /* - * XXXRW: This also seems wrong to allow in a jail? - */ - error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAOFF, - SUSER_ALLOWJAIL); + error = priv_check_cred(td->td_ucred, PRIV_UFS_QUOTAOFF, 0); if (error) return (error); @@ -713,8 +705,7 @@ struct dqblk usage; int error; - error = priv_check_cred(td->td_ucred, PRIV_UFS_SETUSE, - SUSER_ALLOWJAIL); + error = priv_check_cred(td->td_ucred, PRIV_UFS_SETUSE, 0); if (error) return (error);