Date: Thu, 25 Mar 2004 23:06:38 +1100 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: Pawel Jakub Dawidek <pjd@freebsd.org>
Cc: freebsd-arch@freebsd.org
Subject: Re: SUIDDIR -> security.bsd.suiddir_enable.
Message-ID: <20040325225342.D36800@gamplex.bde.org>
In-Reply-To: <20040324235120.GU8930@darkness.comp.waw.pl>
References: <20040324235120.GU8930@darkness.comp.waw.pl>

On Thu, 25 Mar 2004, Pawel Jakub Dawidek wrote:

> Any objection on such exchange?
>
> In p4 pjd_suiddir branch I've a code that replaces SUIDDIR kernel option
> with sysctl security.bsd.suiddir_enable sysctl which is turned off by
> default. SUIDDIR option is not removed, but it means now: turn on suiddir
> functionality by default.

Using SUIDDIR is controlled by the MNT_SUIDDIR mount option, so there
shouldn't be another knob to control it.  If there is a security problem
using MNT_SUIDDIR, then MNT_SUIDDIR should be disallowed up front so that
all the places that implement SUIDDIR don't have to test both knobs.

> I'm also not sure if security.bsd.* is the right place, maybe vfs.*
> is better?

/dev/null is better :-).

Bruce