Date:      Sat, 19 Sep 1998 22:29:52 -0400
From:      Dan Swartzendruber <dswartz@druber.com>
To:        freebsd-bugs@FreeBSD.ORG
Subject:   kern-5285
Message-ID:  <3.0.5.32.19980919222952.00949770@mail.kersur.net>


To whom it may concern: I enclose a copy of mail sent several days ago to
freebsd-stable mailing list (with no response):

****************************************************************************
Back in December '97, I opened PR kern/5285.  This was a bug wherein
a program doing setuid() apparently retained the original credential
across the setuid() call, so if, for example, a setuid-root executable
(which at that time, as I recall, was not subject to quota enforcement),
did setuid() to another UID, even if that UID was over-quota for the
filesystem, writes causing file size to grow would succeed.  I never
got any response apart from the original automailer acknowledgment.  It
has been the better part of a year, and the systems in question are now
running 2.2.7, so I decided to try the experiment again (sending email to
a user whose UID is overquota for the mail spool filesystem).  Whereas
originally, the mail would be appended to the POP mailbox with no error,
it now is being bounced with a "quota exceeded" message.  I groveled through
some of the quota-related code (particularly that in the setuid() and exec
code), and it does now seem to be changing the credential information.
Can any of the developers clarify the status of this?  If this has in fact
been fixed, it was not presumably in response to my PR, else that would not
have been left open.  In such case, presumably whoever confirms this could
then close kern-5285.



