diff options
author | rwatson <rwatson@FreeBSD.org> | 2003-06-15 06:54:36 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2003-06-15 06:54:36 +0000 |
commit | fa79ce5f40376f44fb1edc6969064ae57f89da89 (patch) | |
tree | 9df0a2d4ff8f76facfe5c172f5ef8eb8525acf0a /usr.bin/quota | |
parent | b0de3b78d30933a54b88a654179e054220a5bae1 (diff) | |
download | FreeBSD-src-fa79ce5f40376f44fb1edc6969064ae57f89da89.zip FreeBSD-src-fa79ce5f40376f44fb1edc6969064ae57f89da89.tar.gz |
Now that the kernel access control for quotactl(2) appears to work
properly, clean up quota(1). quota(1) has the ability to query
quotas either directly from the kernel, or if that fails, by reading
the quota.user or quota.group files specified for the file system
in /etc/fstab. The setuid bit existed solely (apparently) to let
non-operator users query their quotas and consumption when quotas
weren't enabled for the file system.
o Remove the setuid bit from quota(1).
o Remove the logic used by quota(1) when running setuid to prevent
users from querying the quotas of other users or groups. Note
that this papered over previously broken kernel access control;
if you queried directly using the system call, you could access
some of the data "restricted" by quota(1).
In the new world order, the ability to inspect the (live) quotas of
other uids and gids via the kernel is controlled by the privilege
requirement sysctl. The ability to query via the file is controlled
by the file permissions on the quota database backing files
(root:operator, group readable by default).
Diffstat (limited to 'usr.bin/quota')
-rw-r--r-- | usr.bin/quota/quota.c | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/usr.bin/quota/quota.c b/usr.bin/quota/quota.c index d30184f..a2b89ec 100644 --- a/usr.bin/quota/quota.c +++ b/usr.bin/quota/quota.c @@ -197,14 +197,12 @@ static void showuid(u_long uid) { struct passwd *pwd = getpwuid(uid); - u_long myuid; const char *name; if (pwd == NULL) name = "(no account)"; else name = pwd->pw_name; - myuid = getuid(); showquotas(USRQUOTA, uid, name); } @@ -215,13 +213,11 @@ static void showusrname(char *name) { struct passwd *pwd = getpwnam(name); - u_long myuid; if (pwd == NULL) { warnx("%s: unknown user", name); return; } - myuid = getuid(); showquotas(USRQUOTA, pwd->pw_uid, name); } @@ -232,26 +228,12 @@ static void showgid(u_long gid) { struct group *grp = getgrgid(gid); - int ngroups; - gid_t mygid, gidset[NGROUPS]; - int i; const char *name; if (grp == NULL) name = "(no entry)"; else name = grp->gr_name; - mygid = getgid(); - ngroups = getgroups(NGROUPS, gidset); - if (ngroups < 0) { - warn("getgroups"); - return; - } - if (gid != mygid) { - for (i = 0; i < ngroups; i++) - if (gid == gidset[i]) - break; - } showquotas(GRPQUOTA, gid, name); } @@ -262,25 +244,11 @@ static void showgrpname(char *name) { struct group *grp = getgrnam(name); - int ngroups; - gid_t mygid, gidset[NGROUPS]; - int i; if (grp == NULL) { warnx("%s: unknown group", name); return; } - mygid = getgid(); - ngroups = getgroups(NGROUPS, gidset); - if (ngroups < 0) { - warn("getgroups"); - return; - } - if (grp->gr_gid != mygid) { - for (i = 0; i < ngroups; i++) - if (grp->gr_gid == gidset[i]) - break; - } showquotas(GRPQUOTA, grp->gr_gid, name); } |