authorjulian <julian@FreeBSD.org>1997-11-13 00:28:51 +0000
committerjulian <julian@FreeBSD.org>1997-11-13 00:28:51 +0000
commitc931d11d3fc12ba491ad39463aa11df49dc1f688 (patch)
tree731c9e2cfdec42868e147077d821a150139c2303 /sbin
parent68d89b19d4172e0605feb73e4248bc41aec9a5f9 (diff)
Reviewed by: hackers@freebsd.org in general
Obtained from: Whistle Communications tree Add an option to the way UFS works dependent on the SUID bit of directories. This change makes things a whole lot simpler on systems running as fileservers for PCs and MACS. To enable the new code you must 1/ enable option SUIDDIR on the kernel. 2/ mount the filesystem with option suiddir. Hopefully this makes it difficult enough that people will not do this accidentally. See the new chmod(2) man page for detailed info.
Diffstat (limited to 'sbin')
-rw-r--r--sbin/mount/mntopts.h4
-rw-r--r--sbin/mount/mount.818
-rw-r--r--sbin/mount/mount.c3
-rw-r--r--sbin/mount_ifs/mntopts.h4
-rw-r--r--sbin/mount_ifs/mount.818
-rw-r--r--sbin/mount_ifs/mount.c3
6 files changed, 44 insertions, 6 deletions
diff --git a/sbin/mount/mntopts.h b/sbin/mount/mntopts.h
index 5175070..d9402cf 100644
--- a/sbin/mount/mntopts.h
+++ b/sbin/mount/mntopts.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)mntopts.h 8.7 (Berkeley) 3/29/95
- * $Id: mntopts.h,v 1.10 1997/08/25 21:02:21 bde Exp $
+ * $Id: mntopts.h,v 1.11 1997/09/27 13:44:08 kato Exp $
*/
struct mntopt {
@@ -54,6 +54,7 @@ struct mntopt {
#define MOPT_GROUPQUOTA { "groupquota", 0, 0, 0 }
#define MOPT_NOCLUSTERR { "clusterr", 1, MNT_NOCLUSTERR, 0 }
#define MOPT_NOCLUSTERW { "clusterw", 1, MNT_NOCLUSTERW, 0 }
+#define MOPT_SUIDDIR { "suiddir", 0, MNT_SUIDDIR, 0 }
/* Control flags. */
#define MOPT_FORCE { "force", 0, MNT_FORCE, 0 }
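Review bot: The new `MOPT_SUIDDIR` define carries no comment, although per the mount.8 text in this same commit it is the one entry in this table that changes who owns newly created files. A short comment above it, for example `/* Files created in a set-uid directory take the directory's owner; unsafe on shell machines, see mount(8) and chmod(2). */`, would warn a reader who sees only the header. The identical hunk in sbin/mount_ifs/mntopts.h needs the same comment; the two headers have the same index hashes, so they appear to be hand-maintained copies that must be kept in step.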
@@ -77,6 +78,7 @@ struct mntopt {
MOPT_NOATIME, \
MOPT_NODEV, \
MOPT_NOEXEC, \
+ MOPT_SUIDDIR, /* must be before MOPT_NOSUID */ \
MOPT_NOSUID, \
MOPT_RDONLY, \
MOPT_UNION, \
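Review bot: The comment `/* must be before MOPT_NOSUID */` gives an ordering rule without its reason, so a later reorder or a program that builds its own option table can break it unnoticed. Presumably the option parser matches names by prefix and "suid" would otherwise shadow "suiddir" (the parser is not part of this diff, so this should be confirmed); if so, spell it out: `MOPT_SUIDDIR, /* "suid" is a prefix of "suiddir": keep before MOPT_NOSUID */ \`. This list also looks like the one shared by the mount programs, while mount.8 says only UFS honours the option and that it needs the SUIDDIR kernel option. It is worth checking that other filesystems, and kernels built without the option, reject the flag rather than accept it silently. The macro these lines belong to begins and ends outside the hunk, and the same line is added in sbin/mount_ifs/mntopts.h.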
diff --git a/sbin/mount/mount.8 b/sbin/mount/mount.8
index bda4ad1..4998b4a 100644
--- a/sbin/mount/mount.8
+++ b/sbin/mount/mount.8
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" @(#)mount.8 8.8 (Berkeley) 6/16/94
-.\" $Id: mount.8,v 1.18 1997/08/24 21:02:48 steve Exp $
+.\" $Id: mount.8,v 1.19 1997/09/27 13:44:12 kato Exp $
.\"
.Dd June 16, 1994
.Dt MOUNT 8
@@ -154,6 +154,22 @@ mount the file system read-only (even the super-user may not write it).
All
.Tn I/O
to the file system should be done synchronously.
+.It suiddir
+A directory on the mounted filesystem will respond to the SUID bit
+being set, by setting the owner of any new files to be the same
+as the owner of the directory.
+New directories will inherit the bit from their parents.
+Execute bits are removed from
+the file, and it will not be given to root.
+.Pp
+This feature is designed for use on fileservers serving PC users via
+ftp, SAMBA, or netatalk. It provides security holes for shell users and as
+such should not be used on shell machines, especially on home directories.
+This option requires the SUIDDIR
+option in the kernel to work. Only UFS filesystems support this option.
+See
+.Xr chmod 2
+for more information.
.It update
The same as
.Fl u ;
diff --git a/sbin/mount/mount.c b/sbin/mount/mount.c
index c9b23ac..9c28f2e 100644
--- a/sbin/mount/mount.c
+++ b/sbin/mount/mount.c
@@ -42,7 +42,7 @@ static const char copyright[] =
static char sccsid[] = "@(#)mount.c 8.25 (Berkeley) 5/8/95";
#else
static const char rcsid[] =
- "$Id: mount.c,v 1.19 1997/08/24 21:02:49 steve Exp $";
+ "$Id: mount.c,v 1.20 1997/09/27 13:44:17 kato Exp $";
#endif
#endif /* not lint */
@@ -97,6 +97,7 @@ static struct opt {
{ MNT_UNION, "union" },
{ MNT_NOCLUSTERR, "noclusterr" },
{ MNT_NOCLUSTERW, "noclusterw" },
+ { MNT_SUIDDIR, "suiddir" },
{ NULL }
};
diff --git a/sbin/mount_ifs/mntopts.h b/sbin/mount_ifs/mntopts.h
index 5175070..d9402cf 100644
--- a/sbin/mount_ifs/mntopts.h
+++ b/sbin/mount_ifs/mntopts.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)mntopts.h 8.7 (Berkeley) 3/29/95
- * $Id: mntopts.h,v 1.10 1997/08/25 21:02:21 bde Exp $
+ * $Id: mntopts.h,v 1.11 1997/09/27 13:44:08 kato Exp $
*/
struct mntopt {
@@ -54,6 +54,7 @@ struct mntopt {
#define MOPT_GROUPQUOTA { "groupquota", 0, 0, 0 }
#define MOPT_NOCLUSTERR { "clusterr", 1, MNT_NOCLUSTERR, 0 }
#define MOPT_NOCLUSTERW { "clusterw", 1, MNT_NOCLUSTERW, 0 }
+#define MOPT_SUIDDIR { "suiddir", 0, MNT_SUIDDIR, 0 }
/* Control flags. */
#define MOPT_FORCE { "force", 0, MNT_FORCE, 0 }
@@ -77,6 +78,7 @@ struct mntopt {
MOPT_NOATIME, \
MOPT_NODEV, \
MOPT_NOEXEC, \
+ MOPT_SUIDDIR, /* must be before MOPT_NOSUID */ \
MOPT_NOSUID, \
MOPT_RDONLY, \
MOPT_UNION, \
diff --git a/sbin/mount_ifs/mount.8 b/sbin/mount_ifs/mount.8
index bda4ad1..4998b4a 100644
--- a/sbin/mount_ifs/mount.8
+++ b/sbin/mount_ifs/mount.8
@@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" @(#)mount.8 8.8 (Berkeley) 6/16/94
-.\" $Id: mount.8,v 1.18 1997/08/24 21:02:48 steve Exp $
+.\" $Id: mount.8,v 1.19 1997/09/27 13:44:12 kato Exp $
.\"
.Dd June 16, 1994
.Dt MOUNT 8
@@ -154,6 +154,22 @@ mount the file system read-only (even the super-user may not write it).
All
.Tn I/O
to the file system should be done synchronously.
+.It suiddir
+A directory on the mounted filesystem will respond to the SUID bit
+being set, by setting the owner of any new files to be the same
+as the owner of the directory.
+New directories will inherit the bit from their parents.
+Execute bits are removed from
+the file, and it will not be given to root.
+.Pp
+This feature is designed for use on fileservers serving PC users via
+ftp, SAMBA, or netatalk. It provides security holes for shell users and as
+such should not be used on shell machines, especially on home directories.
+This option requires the SUIDDIR
+option in the kernel to work. Only UFS filesystems support this option.
+See
+.Xr chmod 2
+for more information.
.It update
The same as
.Fl u ;
diff --git a/sbin/mount_ifs/mount.c b/sbin/mount_ifs/mount.c
index c9b23ac..9c28f2e 100644
--- a/sbin/mount_ifs/mount.c
+++ b/sbin/mount_ifs/mount.c
@@ -42,7 +42,7 @@ static const char copyright[] =
static char sccsid[] = "@(#)mount.c 8.25 (Berkeley) 5/8/95";
#else
static const char rcsid[] =
- "$Id: mount.c,v 1.19 1997/08/24 21:02:49 steve Exp $";
+ "$Id: mount.c,v 1.20 1997/09/27 13:44:17 kato Exp $";
#endif
#endif /* not lint */
@@ -97,6 +97,7 @@ static struct opt {
{ MNT_UNION, "union" },
{ MNT_NOCLUSTERR, "noclusterr" },
{ MNT_NOCLUSTERW, "noclusterw" },
+ { MNT_SUIDDIR, "suiddir" },
{ NULL }
};