SUIDDIR -> security.bsd.suiddir_enable.

Robert Watson rwatson at FreeBSD.org
Thu Mar 25 05:52:36 PST 2004


On Thu, 25 Mar 2004, Pawel Jakub Dawidek wrote:

> On Thu, Mar 25, 2004 at 11:06:38PM +1100, Bruce Evans wrote:
> +> On Thu, 25 Mar 2004, Pawel Jakub Dawidek wrote:
> +> 
> +> > Any objection to such an exchange?
> +> >
> +> > In the p4 pjd_suiddir branch I have code that replaces the SUIDDIR kernel
> +> > option with a security.bsd.suiddir_enable sysctl which is turned off by
> +> > default. The SUIDDIR option is not removed, but it now means: turn on
> +> > suiddir functionality by default.
> +> 
> +> Using SUIDDIR is controlled by the MNT_SUIDDIR mount option, so there
> +> shouldn't be another knob to control it.  If there is a security problem
> +> using MNT_SUIDDIR, then MNT_SUIDDIR should be disallowed up front so
> +> that all the places that implement SUIDDIR don't have to test
> +> both knobs.
> 
> First of all, this adds 0 overhead.  And I think there is a need for
> an additional level of security for such functionality, but I see no
> reason to force people to recompile the kernel.

Actually, I think what Bruce is actually saying is that the MNT_SUIDDIR
mount option should be sufficient without a sysctl, if we really think
suiddir is safe to use, rather than offering a global disable off by
default.  So the question really becomes "do we want to use recompilation
as a hurdle to discourage use of this feature"...

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Senior Research Scientist, McAfee Research



