cvs commit: src/usr.bin/quota quota.c

Robert Watson rwatson at FreeBSD.org
Sat Jun 14 23:54:38 PDT 2003


rwatson     2003/06/14 23:54:36 PDT

  FreeBSD src repository

  Modified files:
    usr.bin/quota        quota.c 
  Log:
  Now that the kernel access control for quotactl(2) appears to work
  properly, clean up quota(1).  quota(1) has the ability to query
  quotas either directly from the kernel, or if that fails, by reading
  the quota.user or quota.group files specified for the file system
  in /etc/fstab.  The setuid bit existed solely (apparently) to let
  non-operator users query their quotas and consumption when quotas
  weren't enabled for the file system.
  
  o Remove the setuid bit from quota(1).
  
  o Remove the logic used by quota(1) when running setuid to prevent
    users from querying the quotas of other users or groups.  Note
    that this papered over previously broken kernel access control;
    if you queried directly using the system call, you could access
    some of the data "restricted" by quota(1).
  
  In the new world order, the ability to inspect the (live) quotas of
  other uids and gids via the kernel is controlled by the privilege
  requirement sysctl.  The ability to query via the file is controlled
  by the file permissions on the quota database backing files
  (root:operator, group readable by default).
  
  Revision  Changes    Path
  1.20      +0 -32     src/usr.bin/quota/quota.c


More information about the cvs-src mailing list