SUIDDIR -> security.bsd.suiddir_enable.

Bruce Evans bde at zeta.org.au
Thu Mar 25 04:06:42 PST 2004


On Thu, 25 Mar 2004, Pawel Jakub Dawidek wrote:

> Any objection on such exchange?
>
> In the p4 pjd_suiddir branch I have code that replaces the SUIDDIR kernel
> option with a security.bsd.suiddir_enable sysctl, which is turned off by
> default. The SUIDDIR option is not removed, but it now means: turn on suiddir
> functionality by default.

Using SUIDDIR is controlled by the MNT_SUIDDIR mount option, so there
shouldn't be another knob to control it.  If there is a security problem
using MNT_SUIDDIR, then MNT_SUIDDIR should be disallowed up front so
that all the places that implement SUIDDIR don't have to test
both knobs.

> I'm also not sure if security.bsd.* is the right place, maybe vfs.*
> is better?

/dev/null is better :-).

Bruce

