properly, clean up quota(1). quota(1) has the ability to query
quotas either directly from the kernel, or if that fails, by reading
the quota.user or quota.group files specified for the file system
in /etc/fstab. The setuid bit existed solely (apparently) to let
non-operator users query their quotas and consumption when quotas
weren't enabled for the file system.
o Remove the setuid bit from quota(1).
o Remove the logic used by quota(1) when running setuid to prevent
users from querying the quotas of other users or groups. Note
that this papered over previously broken kernel access control;
if you queried directly using the system call, you could access
some of the data "restricted" by quota(1).
In the new world order, the ability to inspect the (live) quotas of
other uids and gids via the kernel is controlled by the privilege
requirement sysctl. The ability to query via the file is controlled
by the file permissions on the quota database backing files
(root:operator, group readable by default).
aee1b42ab6