cvs commit: src/sys/ufs/ufs quota.h ufs_quota.c ufs_vfsops.c

Robert Watson rwatson at FreeBSD.org
Sat Jun 14 23:36:20 PDT 2003


rwatson     2003/06/14 23:36:19 PDT

  FreeBSD src repository

  Modified files:
    sys/ufs/ufs          quota.h ufs_quota.c ufs_vfsops.c 
  Log:
  Re-implement kernel access control for quotactl() as found in the
  UFS quota implementation.  Push some quite broken access control
  logic out of ufs_quotactl() into the individual command
  implementations in ufs_quota.c; fix that logic.  Pass in the thread
  argument to any quotactl command that will need to perform access
  control.
  
  o quotaon() requires privilege (PRISON_ROOT).
  
  o quotaoff() requires privilege (PRISON_ROOT).
  
  o getquota() requires that:
  
      If the type is USRQUOTA, either the effective uid match the
      requested quota ID, that the unprivileged_get_quota flag be
      set, or that the thread be privileged (PRISON_ROOT).
  
      If the type is GRPQUOTA, require that either the thread be
      a member of the group represented by the requested quota ID,
      that the unprivileged_get_quota flag be set, or that the
      thread be privileged (PRISON_ROOT).
  
  o setquota() requires privilege (PRISON_ROOT).
  
  o setuse() requires privilege (PRISON_ROOT).
  
  o qsync() requires no special privilege (consistent with what
    was present before, but probably not very useful).
  
  Add a new sysctl, security.bsd.unprivileged_get_quota, which when
  set to a non-zero value, will permit unprivileged users to query user
  quotas with non-matching uids and gids.  Set this to 0 by default
  to be mostly consistent with the previous behavior (the same for
  USRQUOTA, but not for GRPQUOTA).
  
  Obtained from:  TrustedBSD Project
  Sponsored by:   DARPA, Network Associates Laboratories
  
  Revision  Changes    Path
  1.25      +3 -3      src/sys/ufs/ufs/quota.h
  1.65      +51 -3     src/sys/ufs/ufs/ufs_quota.c
  1.37      +4 -17     src/sys/ufs/ufs/ufs_vfsops.c


More information about the cvs-src mailing list