Re: SUIDDIR -> security.bsd.suiddir_enable.

From: Bruce Evans (bde_at_zeta.org.au)
Date: 03/25/04

    Date: Thu, 25 Mar 2004 23:06:38 +1100 (EST)
    To: Pawel Jakub Dawidek <pjd@freebsd.org>
    
    

    On Thu, 25 Mar 2004, Pawel Jakub Dawidek wrote:

    > Any objection to such an exchange?
    >
    > In the p4 pjd_suiddir branch I have code that replaces the SUIDDIR kernel
    > option with the security.bsd.suiddir_enable sysctl, which is turned off by
    > default. The SUIDDIR option is not removed, but it now means: turn on suiddir
    > functionality by default.

    Using SUIDDIR is controlled by the MNT_SUIDDIR mount option, so there
    shouldn't be another knob to control it. If there is a security problem
    using MNT_SUIDDIR, then MNT_SUIDDIR should be disallowed up front so
    that all the places that implement SUIDDIR don't have to test
    both knobs.

    > I'm also not sure if security.bsd.* is the right place, maybe vfs.*
    > is better?

    /dev/null is better :-).

    Bruce