bin/99662: quota information leak while rpc.rquotad is used
Jui-Nan Lin
jnlin at csie.nctu.edu.tw
Fri Jun 30 19:20:25 UTC 2006
>Number: 99662
>Category: bin
>Synopsis: quota information leak while rpc.rquotad is used
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jun 30 19:20:14 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator: Jui-Nan Lin
>Release: 6.0-RELEASE
>Organization:
Department of Computer Science, NCTU
>Environment:
FreeBSD cchome 6.0-RELEASE-p7 FreeBSD 6.0-RELEASE-p7 #3: Sun Apr 30 05:53:52 CST 2006 root at cchome.csie.nctu.edu.tw:/usr/obj/usr/src/sys/CCHOME i386
>Description:
When I try to query other user's quota in the NFS server, it told me "quota: /raid/quota.user: Permission denied". But when I try to query other user's quota in the NFS client, it will return his/her quota.
>How-To-Repeat:
nfsserver% quota -v someuser
quota: /raid/quota.user: Permission denied
nfsclient% quota -v someuser
Disk quotas for user someuser (uid xxxxx):
Filesystem usage quota limit grace files quota limit grace
/amd/raid 17178 120000 150000 1406 12000 15000
>Fix:
In FreeBSD 4.x, the problem is solved by checking uid in src/usr.bin/quota/quota.c. But I think it would be better if we check the uid in the rpc.rquotad. But I am not familiar with SUNRPC, and I don't know if there will be the uid information transmitted in the RPC request/reponse.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list