Path: utzoo!mnetor!uunet!vsi!friedl
From: friedl@vsi.UUCP (Stephen J. Friedl)
Newsgroups: comp.unix.questions
Subject: Re: checking disk space from c program
Message-ID: <518@vsi.UUCP>
Date: 10 Apr 88 17:26:34 GMT
References: <398@wpg.UUCP> <3431@csli.STANFORD.EDU>
Organization: V-Systems, Inc. -- Santa Ana, CA
Lines: 37
Summary: maybe not setuid root

In article <3431@csli.STANFORD.EDU>, gandalf@csli.STANFORD.EDU (Juergen Wagner) writes:
> Yes, there is a way to find out the space available on the file system
> a particular file resides on. The only problem is that you have to setuid to
> root to be able to read the disk device. Normal users will have to use df.
>
> Here comes a small program which does the job (usage: "d " tells you
> the free space on the file system of ).
>
> [small program text here]

No comments on the code included, but you might not need to make
the program setuid root. Many systems have their disk devices
owned and grouped (grouped?) by other users.

    0 brw-r----- 1 root sys 17, 16 Jun 27 1987 /dev/dsk/c1d1s0

If you are writing your program to include this code, look at the
group (and mode, of course) to see if you can exploit a lesser id.
In the above example, the program could be set-group-id `sys' rather
than set-user-id `root'. Better from a lot of points is to just
popen("df") (or the sample "d" program) and read the output; then
the program is still safe and effective.

Please do not take setuid or setgid lightly. You may be writing
for some small single-user machine (your Unix PC, an AT with uport,
etc.), but you will move on someday. Or, perhaps, you will submit
your program to the net and lots of other people on more lively
machines will use it. If you make it a habit to not put in security
holes when it doesn't matter, then you will be that much farther
ahead when it does matter. BTW, portability works the same way...

I welcome all questions on setuid/setgid topics via email.

-- 
Steve Friedl    V-Systems, Inc.    "Yes, I'm jeff@unh's brother"
friedl@vsi.com    {backbones}!vsi.com!friedl    attmail!vsi!friedl