From owner-freebsd-security Fri May 17 11:22:27 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id LAA07469 for security-outgoing; Fri, 17 May 1996 11:22:27 -0700 (PDT) Received: (from hsu@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id LAA07463; Fri, 17 May 1996 11:22:26 -0700 (PDT) Date: Fri, 17 May 1996 11:22:26 -0700 (PDT) From: Jeffrey Hsu Message-Id: <199605171822.LAA07463@freefall.freebsd.org> To: jkh Subject: Re: very bad Cc: freebsd-security Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk I believe mount_union is setuid root to allow non-root users to make union mounts in directories that they own. The Lite2 kernel (a current snapshot of my diffs is in ~hsu/cvs/teeny.diffs.5-16.gz) removes the restriction that only root can do mounts, so mount_union is no longer set_uid there. So, it should be sufficient to just make our mount_union non-setuid root for the following reasons: 1. Union mounts don't work anyways. 2. When they do work in Lite2, mount_union won't be setuid root. 3. If the user want to try out union mounts now, he can su and do it.