SUIDDIR -> security.bsd.suiddir_enable.
Bruce Evans
bde at zeta.org.au
Thu Mar 25 04:06:42 PST 2004
On Thu, 25 Mar 2004, Pawel Jakub Dawidek wrote:
> Any objection on such exchange?
>
> In p4 pjd_suiddir branch I've a code that replaces SUIDDIR kernel option
> with sysctl security.bsd.suiddir_enable sysctl which is turned off by
> default. SUIDDIR option is not removed, but it means now: turn on suiddir
> functionality by default.
Using SUIDDIR is controlled by the MNT_SUIDDIR mount option, so there
shouldn't be another knob to control it. If there is a security problem
using MNT_SUIDDIR, then MNT_SUIDDIR should be disallowed up front so
that all the places that implement SUIDDIR don't have to test
both knobs.
> I'm also not sure if security.bsd.* is the right place, maybe vfs.*
> is better?
/dev/null is better :-).
Bruce