DragonFlyBSD Kernel Audit
DF-0141

Missing privilege check in sys_vquotactl: any user can set/read all quotas

Summary

sys_vquotactl (syscall 530) has no caps_priv_check anywhere, whereas the UFS quota ioctls check SYSCAP_NOQUOTA_WR. Any unprivileged user can therefore: set ac_limit=0, causing a filesystem-wide write DoS; set or remove per-uid/gid limits for arbitrary users, including uid 0; and issue get usage all, which is a cross-user information disclosure. The issue is gated by vfs_quota_enabled, which is 0 by default.
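
The effect of the missing check, as an added userland model that is not DragonFlyBSD source and not code from this audit: the same dispatcher is run with and without a privilege gate at entry. Every `model_*` name, the uid-0-only check and the write path are assumptions made for illustration.

```c
/* Userland model only, not DragonFlyBSD source; every model_* name is hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#define MODEL_NUID 4
enum model_cmd { MODEL_SET_GLOBAL_LIMIT, MODEL_SET_UID_LIMIT, MODEL_GET_USAGE_ALL };
struct model_cred { unsigned uid; };          /* stands in for the caller's credentials */
struct model_mount {
    uint64_t ac_limit, ac_used;               /* filesystem-wide limit and usage */
    uint64_t uid_limit[MODEL_NUID], uid_used[MODEL_NUID];
};
/* Stand-in for the capability check the report finds absent: only uid 0 passes. */
int model_priv_check(const struct model_cred *cr) { return cr->uid == 0 ? 0 : EPERM; }

/* check_priv = 0 models the reported behaviour, check_priv = 1 the gated form. */
int model_vquotactl(struct model_mount *mp, const struct model_cred *cr, int check_priv,
                    enum model_cmd cmd, unsigned uid, uint64_t val, uint64_t *out)
{
    if (check_priv && model_priv_check(cr) != 0)
        return EPERM;                         /* refuse before touching quota state */
    if (cmd == MODEL_SET_GLOBAL_LIMIT) {
        mp->ac_limit = val;
    } else if (cmd == MODEL_SET_UID_LIMIT && uid < MODEL_NUID) {
        mp->uid_limit[uid] = val;
    } else if (cmd == MODEL_GET_USAGE_ALL && out != NULL) {
        for (unsigned i = 0; i < MODEL_NUID; i++)
            out[i] = mp->uid_used[i];         /* all users' usage, not only the caller's */
    } else {
        return EINVAL;
    }
    return 0;
}

/* Assumed write path: refused once usage would exceed the filesystem-wide limit. */
int model_write(struct model_mount *mp, uint64_t n)
{
    if (mp->ac_used + n > mp->ac_limit)
        return EDQUOT;
    mp->ac_used += n;
    return 0;
}

int main(void)
{
    struct model_mount mp = { .ac_limit = 1000 };     /* constructed sample state */
    struct model_cred user = { .uid = 2 };
    model_vquotactl(&mp, &user, 0, MODEL_SET_GLOBAL_LIMIT, 0, 0, NULL);
    return model_write(&mp, 1) == EDQUOT ? 0 : 1;     /* ungated: limit 0 blocks writes */
}
```

Placing the check at dispatcher entry gates the read command as well as the setters; whether reads should be restricted to the caller's own usage instead is a policy choice this page does not settle.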