tech-kern archive
Re: quotactl permissions
On Tue, Sep 04, 2012 at 11:41:39AM -0400, Thor Lancelot Simon wrote:
> On Tue, Sep 04, 2012 at 02:59:58PM +0000, Emmanuel Dreyfus wrote:
> > Hi
> >
> > I discovered that quotactl will return EPERM when reading quota for
> > a given uid, while process real UID is root, which is a bit surprising.
> >
> > Attached is a test case. The problem happens on 6.0_RC1. Can we call
> > it a bug?
> >
> > The code that handles authorization is here:
> > sys/ufs/ufs/ufs_vfsops.c:quota_get_auth()
>
> It has at least one obvious bug: the check for same-UID should be in
> kauth.

The kauth check seems to be in secmodel_suser.c, and it seems to consider the
effective uid:

static bool suser_isroot(kauth_cred_t cred)
{
	return kauth_cred_geteuid(cred) == 0;
}

int secmodel_suser_generic_cb(...)
{
	...
	isroot = suser_isroot(cred);
	...
	case KAUTH_SYSTEM_FS_QUOTA:
		switch (req) {
		case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
		case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF:
		case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE:
		case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT:
			if (isroot)
				result = KAUTH_RESULT_ALLOW;
			break;