Date:      Thu, 25 Mar 2004 08:50:18 -0500 (EST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Pawel Jakub Dawidek <pjd@FreeBSD.org>
Cc:        freebsd-arch@FreeBSD.org
Subject:   Re: SUIDDIR -> security.bsd.suiddir_enable.
Message-ID:  <Pine.NEB.3.96L.1040325084920.52837E-100000@fledge.watson.org>
In-Reply-To: <20040325123554.GZ8930@darkness.comp.waw.pl>


On Thu, 25 Mar 2004, Pawel Jakub Dawidek wrote:

> On Thu, Mar 25, 2004 at 11:06:38PM +1100, Bruce Evans wrote:
> +> On Thu, 25 Mar 2004, Pawel Jakub Dawidek wrote:
> +> 
> +> > Any objection on such exchange?
> +> >
> +> > In the p4 pjd_suiddir branch I have code that replaces the SUIDDIR kernel
> +> > option with the security.bsd.suiddir_enable sysctl, which is turned off by
> +> > default. The SUIDDIR option is not removed, but it now means: turn on
> +> > suiddir functionality by default.
> +> 
> +> Using SUIDDIR is controlled by the MNT_SUIDDIR mount option, so there
> +> shouldn't be another knob to control it.  If there is a security problem
> +> using MNT_SUIDDIR, then MNT_SUIDDIR should be disallowed up front so
> +> that all the places that implement SUIDDIR don't have to test
> +> both knobs.
> 
> First of all, this adds 0 overhead.  And I think there is a need for
> an additional level of security for such functionality, but I see no reason
> to force people to recompile the kernel.

Actually, I think what Bruce is actually saying is that the MNT_SUIDDIR
mount option should be sufficient without a sysctl, if we really think
suiddir is safe to use, rather than offering a global disable off by
default.  So the question really becomes "do we want to use recompilation
as a hurdle to discourage use of this feature"...

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research



