Change the current working directory to be inside the jail created by

the jail(8) command. [10:04] Fix a one-NUL-byte buffer overflow in libopie. [10:05] Correctly sanity-check a buffer length in nfs mount. [10:06] Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-10:04.jail Security: FreeBSD-SA-10:05.opie Security: FreeBSD-SA-10:06.nfsclient
author: cperciva <cperciva@FreeBSD.org> 2010-05-27 03:15:04 +0000
committer: cperciva <cperciva@FreeBSD.org> 2010-05-27 03:15:04 +0000
commit: c8612ee587015f9d8700cd66f976c478b90c96eb (patch)
tree: bb411589baeeda79e1125d6ff01c0e7a1f95d350 /lib/libc
parent: 24a8b9692fb6bf640d0b0d36774ebc871ad94410 (diff)
download: FreeBSD-src-c8612ee587015f9d8700cd66f976c478b90c96eb.zip
FreeBSD-src-c8612ee587015f9d8700cd66f976c478b90c96eb.tar.gz
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/libc/sys/mount.2 b/lib/libc/sys/mount.2
index b65c1b6..57ad428 100644
--- a/lib/libc/sys/mount.2
+++ b/lib/libc/sys/mount.2
@@ -107,7 +107,7 @@ This restriction can be removed by setting the
 .Va vfs.usermount
 .Xr sysctl 8
 variable
-to a non-zero value.
+to a non-zero value; see the BUGS section for more information.
 .Pp
 The following
 .Fa flags
@@ -374,3 +374,10 @@ system call first appeared in
 .Fx 5.0 .
 .Sh BUGS
 Some of the error codes need translation to more obvious messages.
+.Pp
+Allowing untrusted users to mount arbitrary media, e.g. by enabling
+.Va vfs.usermount ,
+should not be considered safe.
+Most file systems in
+.Fx
+were not built to safeguard against malicious devices.
author	cperciva <cperciva@FreeBSD.org>	2010-05-27 03:15:04 +0000
committer	cperciva <cperciva@FreeBSD.org>	2010-05-27 03:15:04 +0000
commit	c8612ee587015f9d8700cd66f976c478b90c96eb (patch)
tree	bb411589baeeda79e1125d6ff01c0e7a1f95d350 /lib/libc
parent	24a8b9692fb6bf640d0b0d36774ebc871ad94410 (diff)
download	FreeBSD-src-c8612ee587015f9d8700cd66f976c478b90c96eb.zip FreeBSD-src-c8612ee587015f9d8700cd66f976c478b90c96eb.tar.gz