fa79ce5f40
properly, clean up quota(1). quota(1) has the ability to query quotas either directly from the kernel, or if that fails, by reading the quota.user or quota.group files specified for the file system in /etc/fstab. The setuid bit existed solely (apparently) to let non-operator users query their quotas and consumption when quotas weren't enabled for the file system. o Remove the setuid bit from quota(1). o Remove the logic used by quota(1) when running setuid to prevent users from querying the quotas of other users or groups. Note that this papered over previously broken kernel access control; if you queried directly using the system call, you could access some of the data "restricted" by quota(1). In the new world order, the ability to inspect the (live) quotas of other uids and gids via the kernel is controlled by the privilege requirement sysctl. The ability to query via the file is controlled by the file permissions on the quota database backing files (root:operator, group readable by default). |
||
---|---|---|
.. | ||
Makefile | ||
quota.1 | ||
quota.c |