- Loudly disallow MNT_SUIDDIR mount flag for unprivileged users mounts.

- Style fixed.

Submitted by:	bde

sys/kern/vfs_mount.c

@@ -686,22 +686,21 @@ vfs_domount(
 		if (error)
 			return (error);
 	}
+
 	/*
-	 * Do not allow NFS export by non-root users.
+	 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users.
 	 */
-	if (fsflags & MNT_EXPORTED) {
+	if (fsflags & (MNT_EXPORTED | MNT_SUIDDIR)) {
 		error = suser(td);
 		if (error)
 			return (error);
 	}
 	/*
-	 * Silently enforce MNT_NOSUID, MNT_NODEV and MNT_USER
+	 * Silently enforce MNT_NODEV, MNT_NOSUID and MNT_USER for
-	 * for unprivileged users and remove MNT_SUIDDIR.
+	 * unprivileged users.
 	 */
-	if (suser(td)) {
+	if (suser(td) != 0)
-		fsflags &= ~MNT_SUIDDIR;
+		fsflags |= MNT_NODEV | MNT_NOSUID | MNT_USER;
-		fsflags |= MNT_NOSUID | MNT_NODEV | MNT_USER;
-	}
 	/*
 	 * Get vnode to be covered
 	 */