Re: quotactl permissions

To: tech-kern%netbsd.org@localhost
Subject: Re: quotactl permissions
From: christos%astron.com@localhost (Christos Zoulas)
Date: Wed, 5 Sep 2012 14:29:19 +0000 (UTC)

In article <20120905123416.GB10839%homeworld.netbsd.org@localhost>,
Emmanuel Dreyfus  <manu%netbsd.org@localhost> wrote:
>On Wed, Sep 05, 2012 at 06:37:27AM +0000, David Holland wrote:
>> Changing it to effective uid seems like a good plan.
>
>The change below fixes the test case. Is it safe to commit?

Yes, but it should all be encapsulated in the kauth call. It is an abstraction
violation to do the id check separately.

christos

>
>Index: sys/ufs/ufs/ufs_quota.c
>===================================================================
>RCS file: /cvsroot/src/sys/ufs/ufs/ufs_quota.c,v
>retrieving revision 1.111
>diff -U4 -r1.111 ufs_quota.c
>--- sys/ufs/ufs/ufs_quota.c     26 Aug 2012 02:32:14 -0000      1.111
>+++ sys/ufs/ufs/ufs_quota.c     5 Sep 2012 12:33:07 -0000
>@@ -334,9 +334,9 @@
> /* XXX shouldn't all this be in kauth ? */
> static int
> quota_get_auth(struct mount *mp, struct lwp *l, uid_t id) {
>        /* The user can always query about his own quota. */
>-       if (id == kauth_cred_getuid(l->l_cred))
>+       if (id == kauth_cred_geteuid(l->l_cred))
>                return 0;
>        return kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
>            KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp, KAUTH_ARG(id), NULL);
> }
>
>
>-- 
>Emmanuel Dreyfus
>manu%netbsd.org@localhost
>

Follow-Ups:
- Re: quotactl permissions
  - From: Emmanuel Dreyfus

References:
- Re: quotactl permissions
  - From: Eric Haszlakiewicz
- Re: quotactl permissions
  - From: Emmanuel Dreyfus
- Re: quotactl permissions
  - From: David Holland
- Re: quotactl permissions
  - From: Emmanuel Dreyfus

Prev by Date: Re: NetBSD port for AT91SAM9G20?
Next by Date: Re: quotactl permissions
Previous by Thread: Re: quotactl permissions
Next by Thread: Re: quotactl permissions
Indexes:

Home | Main Index | Thread Index | Old Index