From nobody@FreeBSD.org  Fri Jun 30 19:13:24 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0FBC016A508
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 30 Jun 2006 19:13:24 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D04EA4408B
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 30 Jun 2006 18:44:10 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k5UIiAiU075112
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 30 Jun 2006 18:44:10 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k5UIiAxl075111;
	Fri, 30 Jun 2006 18:44:10 GMT
	(envelope-from nobody)
Message-Id: <200606301844.k5UIiAxl075111@www.freebsd.org>
Date: Fri, 30 Jun 2006 18:44:10 GMT
From: Jui-Nan Lin <jnlin@csie.nctu.edu.tw>
To: freebsd-gnats-submit@FreeBSD.org
Subject: quota information leak while rpc.rquotad is used
X-Send-Pr-Version: www-2.3

>Number:         99662
>Category:       bin
>Synopsis:       rpc.rquotad(8): quota information leak while rpc.rquotad is used
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 30 19:20:14 GMT 2006
>Closed-Date:    
>Last-Modified:  Sun Jan 20 04:28:09 UTC 2008
>Originator:     Jui-Nan Lin
>Release:        6.0-RELEASE
>Organization:
Department of Computer Science, NCTU
>Environment:
FreeBSD cchome 6.0-RELEASE-p7 FreeBSD 6.0-RELEASE-p7 #3: Sun Apr 30 05:53:52 CST 2006     root@cchome.csie.nctu.edu.tw:/usr/obj/usr/src/sys/CCHOME  i386

>Description:
When I try to query other user's quota in the NFS server, it told me
"quota: /raid/quota.user: Permission denied". But when I try to query
other user's quota in the NFS client, it will return his/her quota.
>How-To-Repeat:
nfsserver% quota -v someuser
quota: /raid/quota.user: Permission denied
nfsclient% quota -v someuser
Disk quotas for user someuser (uid xxxxx):
     Filesystem   usage   quota   limit   grace   files   quota   limit   grace
      /amd/raid   17178  120000  150000            1406   12000   15000

>Fix:
In FreeBSD 4.x, the problem is solved by checking uid in
src/usr.bin/quota/quota.c. But I think it would be better if we check the
uid in the rpc.rquotad. But I am not familiar with SUNRPC, and I don't
know if there will be the uid information transmitted in the RPC
request/reponse.
>Release-Note:
>Audit-Trail:
>Unformatted:
