Hello,
in the ufs quota code there are checks like:
                /* The user can always query about his own quota. */
                if (uid == kauth_cred_getuid(l->l_cred))
                        break;
        
                error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA,
                    KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp, KAUTH_ARG(uid), NULL);


To me, it looks like the (uid == kauth_cred_getuid(l->l_cred)) check should
be handled by kauth as well, shouldn't it (what if someone wants to
prevent users from seeing even their own quotas)?

KAUTH_SYSTEM_FS_QUOTA is handled in suser/secmodel_suser.c only;
at first glance this is not the right place to add the "user gets its own
quotas" check. Can someone help me with this?

-- 
Manuel Bouyer <bou...@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
--
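
The question above, as an added userspace C model (not NetBSD kernel code and not part of the original message): it compares a call site that keeps the inline own-uid shortcut with one that always asks the policy layer, once a stricter policy is loaded. All type and function names, the rule for combining listener results, and the sample uids are assumptions made for the illustration.

```c
/* Userspace model only; not NetBSD kernel code. All names are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

enum decision { DEFER, ALLOW, DENY };
struct request { unsigned caller_uid, target_uid; };
typedef enum decision (*listener_fn)(const struct request *);

/* Model assumption: any DENY wins, otherwise at least one ALLOW is required. */
static int authorize(const listener_fn *ls, size_t n, const struct request *r)
{
	int allowed = 0;
	for (size_t i = 0; i < n; i++) {
		enum decision d = ls[i](r);
		if (d == DENY) return EPERM;
		if (d == ALLOW) allowed = 1;
	}
	return allowed ? 0 : EPERM;
}

/* Superuser policy: root may query any quota. */
static enum decision suser_listener(const struct request *r) { return r->caller_uid == 0 ? ALLOW : DEFER; }
/* The "own quota" rule expressed as policy instead of an inline shortcut. */
static enum decision own_quota_listener(const struct request *r) { return r->caller_uid == r->target_uid ? ALLOW : DEFER; }
/* Stricter site policy: non-root users may not read any quota, even their own. */
static enum decision strict_listener(const struct request *r) { return r->caller_uid != 0 ? DENY : DEFER; }

/* Call site shaped like the quoted code: the shortcut never reaches the policy layer. */
static int quota_get_inline(const listener_fn *ls, size_t n, struct request r)
{
	if (r.target_uid == r.caller_uid) return 0;
	return authorize(ls, n, &r);
}

/* Call site that always asks the policy layer. */
static int quota_get_delegated(const listener_fn *ls, size_t n, struct request r)
{
	return authorize(ls, n, &r);
}

int main(void)
{
	const listener_fn strict[] = { suser_listener, own_quota_listener, strict_listener };
	struct request own = { 1000, 1000 };	/* constructed sample uids */
	printf("inline=%d delegated=%d\n", quota_get_inline(strict, 3, own), quota_get_delegated(strict, 3, own));
	return 0;
}
```

With the strict listener loaded, the inline variant still returns 0 for a user's own quota, while the delegated variant returns EPERM.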
