SUIDDIR -> security.bsd.suiddir_enable.
Pawel Jakub Dawidek
pjd at FreeBSD.org
Thu Mar 25 04:35:56 PST 2004
On Thu, Mar 25, 2004 at 11:06:38PM +1100, Bruce Evans wrote:
+> On Thu, 25 Mar 2004, Pawel Jakub Dawidek wrote:
+>
+> > Any objection on such exchange?
+> >
+> > In p4 pjd_suiddir branch I've a code that replace SUIDDIR kernel option
+> > with sysctl security.bsd.suiddir_enable sysctl with is turned off by
+> > default. SUIDDIR option is not removed, but it means now: turn on suiddir
+> > functionality by default.
+>
+> Using SUIDDIR is controlled by the MNT_SUIDDIR mount option, so there
+> shouldn't be another knob to control it. If there is a security problem
+> using MNT_SUIDDIR, then MNT_SUIDDIR should be disallowed up front so
+> that that all the places that implement SUIDDIR don't have to test
+> both knobs.
First of all this adds 0 overhead.
And I think there is a need for additional level of security for such
functionality, but I see no reason to force people to recompile kernel.
--
Pawel Jakub Dawidek http://www.FreeBSD.org
pjd at FreeBSD.org http://garage.freebsd.pl
FreeBSD committer Am I Evil? Yes, I Am!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-arch/attachments/20040325/b43f3d24/attachment.bin
More information about the freebsd-arch
mailing list