From owner-freebsd-hackers Mon Aug 21 16:04:55 2000
Date: Mon, 21 Aug 2000 19:04:34 -0400 (EDT)
From: Robert Watson <robert@fledge.watson.org>
To: Damian Kuczynski
Cc: freebsd-hackers@freebsd.org
Subject: Re: quotas and file credentials
In-Reply-To: <3992A8C7.1B5CC765@nik.gov.pl>

On Thu, 10 Aug 2000, Damian Kuczynski wrote:

> When I tried to analyze the problem with mail.local writing messages to a
> user mailbox over the quota limit, I saw that once root opens a file which
> belongs to a nonprivileged user, e.g. test1, and after that drops its
> privileges to this user, then user test1 is able to write to this file as
> much data as he wants and overquota his disk limits. mail.local works in
> this manner, so it is able to overquota the user mailbox.
>
> Is this normal, or maybe the file should be written under the permissions of
> the effective user (euid=test1)?

Damian,

Cached credentials for file descriptor (socket, file) access are a fairly widely used phenomenon under UNIX, and probably not something that should be used; the defined semantics indicate that access checks can occur only on open(), not necessarily on individual read()/write() calls. However, what you could do is move the open() in mail.local to after the revocation of privilege, although you'd want to create the mailbox first with privilege if it doesn't already exist. This would probably give the correct semantics from the perspective of quotas.
At one point patches to do this were floating around -- from your message, I think it's safe to assume that they were not committed. Might be worth checking the archives of -hackers and -isp.

Robert N M Watson
robert@fledge.watson.org
http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
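The ordering the reply recommends (create the mailbox with privilege only if it is missing, drop privileges, and only then open for append so the descriptor carries the user's credentials and the quota check applies to the writes), as an added example that is not mail.local's code or any patch from the list; the function names and the mailbox path are assumptions for illustration:

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Step 1, still privileged: create the mailbox only if it is missing and hand
 * it to the recipient. O_EXCL refuses to follow a symlink planted at the path.
 * The descriptor is closed at once; nothing is ever written through a root-opened
 * descriptor, which is exactly the quota bypass described in the thread. */
int create_mailbox_if_missing(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return errno == EEXIST ? 0 : -1;   /* already there: leave it alone */
    int rc = fchown(fd, uid, gid);
    close(fd);
    return rc;
}

/* Step 2: drop to the recipient's credentials and verify the drop actually took. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    return (getuid() == uid && geteuid() == uid && getgid() == gid) ? 0 : -1;
}

/* Step 3, unprivileged: open for append only now, so the credentials cached on
 * this descriptor are the user's own. A user over quota sees the write fail
 * (EDQUOT) instead of silently exceeding the limit. */
int append_to_mailbox(const char *path, const char *msg)
{
    int fd = open(path, O_WRONLY | O_APPEND);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, msg, strlen(msg));
    close(fd);
    return n == (ssize_t)strlen(msg) ? 0 : -1;
}

/* Whole delivery in the recommended order: create, drop, then open and write. */
int deliver(const char *path, uid_t uid, gid_t gid, const char *msg)
{
    if (create_mailbox_if_missing(path, uid, gid) < 0)
        return -1;
    if (drop_privileges(uid, gid) < 0)
        return -1;
    return append_to_mailbox(path, msg);
}
```

Run unprivileged with your own uid/gid, the drop is a no-op and the call sequence still demonstrates the ordering; as root, the append fails with EDQUOT once the recipient is over quota rather than succeeding on the cached root credentials.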