Hello, in the ufs quota code there is checks like: /* The user can always query about his own quota. */ if (uid == kauth_cred_getuid(l->l_cred)) break; error = kauth_authorize_system(l->l_cred, KAUTH_SYSTEM_FS_QUOTA, KAUTH_REQ_SYSTEM_FS_QUOTA_GET, mp, KAUTH_ARG(uid), NULL);
To me, it looks like the (uid == kauth_cred_getuid(l->l_cred)) check should be handled by kauth as well, isn't it (what if someone wants to deny users to see even their own quotas) ? KAUTH_SYSTEM_FS_QUOTA is handed in suser/secmodel_suser.c only, at first glance this is not the right place to add the "user gets its own quotas" check. Can someone help me with this ? -- Manuel Bouyer <bou...@antioche.eu.org> NetBSD: 26 ans d'experience feront toujours la difference --