We probably shouldn't allow users to mount file systems with MNT_SUIDDIR.

There should be not shell access when SUIDDIR is compiled in, but better be sure. Reviewed by: rwatson
2026-06-08 16:22:46 -04:00 · 2004-03-26 21:12:14 +00:00 · 2004-03-26 21:12:14 +00:00 · 2c6040bbb7
commit 2c6040bbb7
parent a5d1aae31a
1 changed files with 4 additions and 2 deletions
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@ -696,10 +696,12 @@ vfs_domount(
 	}
 	/*
 	 * Silently enforce MNT_NOSUID, MNT_NODEV and MNT_USER
-	 * for unprivileged users.
+	 * for unprivileged users and remove MNT_SUIDDIR.
 	 */
-	if (suser(td))
+	if (suser(td)) {
+		fsflags &= ~MNT_SUIDDIR;
 		fsflags |= MNT_NOSUID | MNT_NODEV | MNT_USER;
+	}
 	/*
 	 * Get vnode to be covered
 	 */