MFC

author: attilio <attilio@FreeBSD.org> 2011-05-31 14:18:10 +0000
committer: attilio <attilio@FreeBSD.org> 2011-05-31 14:18:10 +0000
commit: b1bf71d3c513adb3ecd4c1c7f5448ff4e16ace0d (patch)
tree: c759a44cfd864954c1c16cc322d118053a9ac6e9 /sys/cddl
parent: 8dd6262cd373f038ccdf8cfe1bb317679fd36c2b (diff)
parent: f863f8506b376153bd82f6f80933a3faac1bd48c (diff)
download: FreeBSD-src-b1bf71d3c513adb3ecd4c1c7f5448ff4e16ace0d.zip
FreeBSD-src-b1bf71d3c513adb3ecd4c1c7f5448ff4e16ace0d.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c b/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
index be9f4ec..a266eca 100644
--- a/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
+++ b/sys/cddl/compat/opensolaris/kern/opensolaris_vfs.c
@@ -172,6 +172,11 @@ mount_snapshot(kthread_t *td, vnode_t **vpp, const char *fstype, char *fspath,
 	 */
 	mp->mnt_flag |= MNT_RDONLY;
 	/*
+	 * We don't want snapshots to allow access to vulnerable setuid
+	 * programs, so we turn off setuid when mounting snapshots.
+	 */
+	mp->mnt_flag |= MNT_NOSUID;
+	/*
 	 * We don't want snapshots to be visible in regular
 	 * mount(8) and df(1) output.
 	 */
author	attilio <attilio@FreeBSD.org>	2011-05-31 14:18:10 +0000
committer	attilio <attilio@FreeBSD.org>	2011-05-31 14:18:10 +0000
commit	b1bf71d3c513adb3ecd4c1c7f5448ff4e16ace0d (patch)
tree	c759a44cfd864954c1c16cc322d118053a9ac6e9 /sys/cddl
parent	8dd6262cd373f038ccdf8cfe1bb317679fd36c2b (diff)
parent	f863f8506b376153bd82f6f80933a3faac1bd48c (diff)
download	FreeBSD-src-b1bf71d3c513adb3ecd4c1c7f5448ff4e16ace0d.zip FreeBSD-src-b1bf71d3c513adb3ecd4c1c7f5448ff4e16ace0d.tar.gz