freebsd-nq/usr.bin/quota
Robert Watson aee1b42ab6 Now that the kernel access control for quotactl(2) appears to work
properly, clean up quota(1).  quota(1) has the ability to query
quotas either directly from the kernel, or if that fails, by reading
the quota.user or quota.group files specified for the file system
in /etc/fstab.  The setuid bit existed solely (apparently) to let
non-operator users query their quotas and consumption when quotas
weren't enabled for the file system.

o Remove the setuid bit from quota(1).

o Remove the logic used by quota(1) when running setuid to prevent
  users from querying the quotas of other users or groups.  Note
  that this papered over previously broken kernel access control;
  if you queried directly using the system call, you could access
  some of the data "restricted" by quota(1).

In the new world order, the ability to inspect the (live) quotas of
other uids and gids via the kernel is controlled by the privilege
requirement sysctl.  The ability to query via the file is controlled
by the file permissions on the quota database backing files
(root:operator, group readable by default).
2003-06-15 06:54:36 +00:00
..
Makefile Now that the kernel access control for quotactl(2) appears to work 2003-06-15 06:46:24 +00:00
quota.1
quota.c Now that the kernel access control for quotactl(2) appears to work 2003-06-15 06:54:36 +00:00