From b0de3b78d30933a54b88a654179e054220a5bae1 Mon Sep 17 00:00:00 2001
From: rwatson
Date: Sun, 15 Jun 2003 06:46:24 +0000
Subject: Now that the kernel access control for quotactl(2) appears to work properly, clean up quota(1). quota(1) has the ability to query quotas either directly from the kernel, or if that fails, by reading the quota.user or quota.group files specified for the file system in /etc/fstab. The setuid bit existed solely (apparently) to let non-operator users query their quotas and consumption when quotas weren't enabled for the file system. o Remove the setuid bit from quota(1). o Remove the logic used by quota(1) when running setuid to prevent users from querying the quotas of other users or groups. Note that this papered over previously broken kernel access control.
---
 usr.bin/quota/Makefile | 1 -
 usr.bin/quota/quota.c | 17 -----------------
 2 files changed, 18 deletions(-)
(limited to 'usr.bin/quota')
diff --git a/usr.bin/quota/Makefile b/usr.bin/quota/Makefile
index 4d41fae..666a3ba 100644
--- a/usr.bin/quota/Makefile
+++ b/usr.bin/quota/Makefile
@@ -3,7 +3,6 @@
 
 PROG= quota
 BINOWN= root
-BINMODE=4555
 
 DPADD= ${LIBRPCSVC}
 LDADD= -lrpcsvc
diff --git a/usr.bin/quota/quota.c b/usr.bin/quota/quota.c
index 6ce25bf..d30184f 100644
--- a/usr.bin/quota/quota.c
+++ b/usr.bin/quota/quota.c
@@ -205,10 +205,6 @@ showuid(u_long uid)
 else
 name = pwd->pw_name;
 myuid = getuid();
- if (uid != myuid && myuid != 0) {
- printf("quota: %s (uid %lu): permission denied\n", name, uid);
- return;
- }
 showquotas(USRQUOTA, uid, name);
 }
 
@@ -226,10 +222,6 @@ showusrname(char *name)
 return;
 }
 myuid = getuid();
- if (pwd->pw_uid != myuid && myuid != 0) {
- warnx("%s (uid %u): permission denied", name, pwd->pw_uid);
- return;
- }
 showquotas(USRQUOTA, pwd->pw_uid, name);
 }
 
@@ -259,10 +251,6 @@ showgid(u_long gid)
 for (i = 0; i < ngroups; i++)
 if (gid == gidset[i])
 break;
- if (i >= ngroups && getuid() != 0) {
- warnx("%s (gid %lu): permission denied", name, gid);
- return;
- }
 }
 showquotas(GRPQUOTA, gid, name);
 }
@@ -292,11 +280,6 @@ showgrpname(char *name)
 for (i = 0; i < ngroups; i++)
 if (grp->gr_gid == gidset[i])
 break;
- if (i >= ngroups && getuid() != 0) {
- warnx("%s (gid %u): permission denied", name,
- grp->gr_gid);
- return;
- }
 }
 showquotas(GRPQUOTA, grp->gr_gid, name);
 }
-- 
cgit v1.1