We probably shouldn't allow users to mount file systems with MNT_SUIDDIR.

There should be not shell access when SUIDDIR is compiled in, but better be sure. Reviewed by: rwatson
2004-03-26 21:12:14 +00:00 · 2004-03-26 21:12:14 +00:00 · b05f0288da
commit b05f0288da
parent 11f479f519
1 changed files with 4 additions and 2 deletions
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@ -696,10 +696,12 @@ vfs_domount(
 	}
 	/*
 	 * Silently enforce MNT_NOSUID, MNT_NODEV and MNT_USER
-	 * for unprivileged users.
+	 * for unprivileged users and remove MNT_SUIDDIR.
 	 */
-	if (suser(td))
+	if (suser(td)) {
+		fsflags &= ~MNT_SUIDDIR;
 		fsflags |= MNT_NOSUID | MNT_NODEV | MNT_USER;
+	}
 	/*
 	 * Get vnode to be covered
 	 */