Hello,
> Almost any suid binary may be used to create large files overriding quota
> limits.
Yes.
> When setuid-root binary inherits file descriptors from user process it may
> write to it without respecting the quota restrictions. This is because
> suid process has CAP_SYS_RESOURCE effective capability enabled during
> writing to the file. Quota does not know anything about who opened file
> descriptor and checks current process privileges only. This is bug in
> kernel and not in those setuid-root binaries.
Actually I think this is not a bug, it's a feature... If some process
has a CAP_SYS_RESOURCE capability then it can override the limits (that's
how I understand this capability). Hence it's got right to exceed user quota.
I think this is reasonable behaviour (root can do anything - suid binaries are
just making the will of root ;)).
And BTW I know about no way how to know who opened the file...
Honza
-- Jan Kara <jack@suse.cz> SuSE CR Labs - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Oct 31 2001 - 21:00:21 EST