From owner-freebsd-arch@FreeBSD.ORG Thu Mar 25 04:35:56 2004 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B73C116A4CE for ; Thu, 25 Mar 2004 04:35:56 -0800 (PST) Received: from darkness.comp.waw.pl (unknown [195.117.238.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id D203E43D2F for ; Thu, 25 Mar 2004 04:35:55 -0800 (PST) (envelope-from pjd@darkness.comp.waw.pl) Received: by darkness.comp.waw.pl (Postfix, from userid 1009) id 837F2ACAEE; Thu, 25 Mar 2004 13:35:54 +0100 (CET) Date: Thu, 25 Mar 2004 13:35:54 +0100 From: Pawel Jakub Dawidek To: Bruce Evans Message-ID: <20040325123554.GZ8930@darkness.comp.waw.pl> References: <20040324235120.GU8930@darkness.comp.waw.pl> <20040325225342.D36800@gamplex.bde.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="6CpFlezhW0MxRmxw" Content-Disposition: inline In-Reply-To: <20040325225342.D36800@gamplex.bde.org> User-Agent: Mutt/1.4.2i X-PGP-Key-URL: http://people.freebsd.org/~pjd/pjd.asc X-OS: FreeBSD 5.2.1-RC2 i386 cc: freebsd-arch@freebsd.org Subject: Re: SUIDDIR -> security.bsd.suiddir_enable. X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Mar 2004 12:35:56 -0000 --6CpFlezhW0MxRmxw Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Mar 25, 2004 at 11:06:38PM +1100, Bruce Evans wrote: +> On Thu, 25 Mar 2004, Pawel Jakub Dawidek wrote: +>=20 +> > Any objection on such exchange? +> > +> > In p4 pjd_suiddir branch I've a code that replace SUIDDIR kernel option +> > with sysctl security.bsd.suiddir_enable sysctl with is turned off by +> > default. SUIDDIR option is not removed, but it means now: turn on suid= dir +> > functionality by default. +>=20 +> Using SUIDDIR is controlled by the MNT_SUIDDIR mount option, so there +> shouldn't be another knob to control it. If there is a security problem +> using MNT_SUIDDIR, then MNT_SUIDDIR should be disallowed up front so +> that that all the places that implement SUIDDIR don't have to test +> both knobs. First of all this adds 0 overhead. And I think there is a need for additional level of security for such functionality, but I see no reason to force people to recompile kernel. --=20 Pawel Jakub Dawidek http://www.FreeBSD.org pjd@FreeBSD.org http://garage.freebsd.pl FreeBSD committer Am I Evil? Yes, I Am! --6CpFlezhW0MxRmxw Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAYtIqForvXbEpPzQRAtMlAKDccfUxz8WfXLXZ5pbOgmyvDe8z2QCg99LU hVK7fpNLCUsiRpS/sRUVh9w= =PToh -----END PGP SIGNATURE----- --6CpFlezhW0MxRmxw--