Date: Sat, 08 Aug 1998 19:01:23 -0400
From: Dan Swartzendruber <dswartz@druber.com>
To: Tom <tom@uniserve.com>
Cc: Joe Gleason <clash@tasam.com>, freebsd-stable@FreeBSD.ORG
Subject: Re: Quota bug crashing system?
Message-ID: <3.0.5.32.19980808190123.00941670@mail.kersur.net>
In-Reply-To: <Pine.BSF.3.96.980808153328.3139C-100000@shell.uniserve.ca>
References: <3.0.5.32.19980808152803.0094d820@mail.kersur.net>

At 03:48 PM 8/8/98 -0700, Tom wrote:
>
>On Sat, 8 Aug 1998, Dan Swartzendruber wrote:
>
>> Speaking of quotas, maybe someone can enlighten me on a quota
>> related issue: it seems that (at least as of some 6 months or so ago),
>> 2.2 didn't correctly handle SUID programs.  e.g. if a SUID root
>> process has done setuid() (whichever flavor) to some less privileged
>> UID, the original (root) quota continues to apply.  This is arguably
>> a bug.  From what I can tell looking at the code, the decision about
>
>  Not quite.  Quotas are done by file ownership, not the current uid.
>
>  You should check that the file you are writing to is owned by someone
>with the appropriate quota.

Sorry, this is incorrect.  I did do at least the minimal diligence to
read through the code enough to understand this.  Also, proving it by
writing a trivial program that reproduces the bug (by setuid() to a
user with a quota entry for the FS in question.  The program, which is
SUID root, can exceed the quota with no problems).  Here is one of the
problematic places (in ufs/ufs/ufs_quota.c):

        /*
         * If user would exceed their hard limit, disallow space allocation.
         */
        if (ncurblocks >= dq->dq_bhardlimit && dq->dq_bhardlimit) {
                if ((dq->dq_flags & DQ_BLKS) == 0 &&
                    ip->i_uid == cred->cr_uid) {
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^
                        uprintf("\n%s: write failed, %s disk limit reached\n",
                            ITOV(ip)->v_mount->mnt_stat.f_mntonname,
                            quotatypes[type]);
                        dq->dq_flags |= DQ_BLKS;
                }
                return (EDQUOT);
        }

The underlined check is the problem.  From what I can tell, the
credential in question is generated when the process is created (at
which time it has a uid of zero, and that is the effective quota UID
forevermore).