author | pjd <pjd@FreeBSD.org> | 2004-03-26 21:12:14 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2004-03-26 21:12:14 +0000 |
commit | b05f0288daadcb0b82d507b42a40665165b146ba (patch) | |
tree | 114e768d20cb58dcf7c1571d96dfb26c60514b5d | |
parent | 11f479f5193062dc4eb60f7c5964ffbd382dd52a (diff) | |
We probably shouldn't allow users to mount file systems with MNT_SUIDDIR.
There should be no shell access when SUIDDIR is compiled in, but
better be sure.
Reviewed by: rwatson
-rw-r--r-- | sys/kern/vfs_mount.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c index 53eb026..b4e113b 100644 --- a/sys/kern/vfs_mount.c +++ b/sys/kern/vfs_mount.c @@ -696,10 +696,12 @@ vfs_domount( } /* * Silently enforce MNT_NOSUID, MNT_NODEV and MNT_USER - * for unprivileged users. + * for unprivileged users and remove MNT_SUIDDIR. */ - if (suser(td)) + if (suser(td)) { + fsflags &= ~MNT_SUIDDIR; fsflags |= MNT_NOSUID | MNT_NODEV | MNT_USER; + } /* * Get vnode to be covered */ |
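Review bot: In the rewritten comment above `if (suser(td)) {`, the wording "for unprivileged users and remove MNT_SUIDDIR" leaves it unclear whether MNT_SUIDDIR is cleared for every caller or only for unprivileged ones. The code clears it only inside the unprivileged branch, so the comment should say that, for example "Silently enforce MNT_NOSUID, MNT_NODEV and MNT_USER, and clear MNT_SUIDDIR, for unprivileged users." Because `fsflags &= ~MNT_SUIDDIR;` drops the flag silently, an unprivileged caller that asked for MNT_SUIDDIR gets a successful mount without it and no error; that is consistent with how the other three flags are forced here, but it deserves a line in the mount documentation so the behaviour is not a surprise. The condition also relies on suser() returning nonzero for an unprivileged caller, and writing it as `suser(td) != 0` would make that reading explicit next to a security-relevant branch.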