From 2c6040bbb7575512f137ac7000ef53cbd23cb882 Mon Sep 17 00:00:00 2001
From: Pawel Jakub Dawidek
Date: Fri, 26 Mar 2004 21:12:14 +0000
Subject: [PATCH] We probably shouldn't allow users to mount file systems with MNT_SUIDDIR. There should be not shell access when SUIDDIR is compiled in, but better be sure.
Reviewed by: rwatson
---
 sys/kern/vfs_mount.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c
index 53eb026b091..b4e113b2d77 100644
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@@ -696,10 +696,12 @@ vfs_domount(
 }
 /*
 * Silently enforce MNT_NOSUID, MNT_NODEV and MNT_USER
- * for unprivileged users.
+ * for unprivileged users and remove MNT_SUIDDIR.
 */
- if (suser(td))
+ if (suser(td)) {
+ fsflags &= ~MNT_SUIDDIR;
 fsflags |= MNT_NOSUID | MNT_NODEV | MNT_USER;
+ }
 /*
 * Get vnode to be covered
 */
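Review bot: The unprivileged branch in vfs_domount now clears MNT_SUIDDIR, but the comment above it does not say why, and the bare `if (suser(td)) {` reads as "if superuser" to anyone who does not know that suser() returns 0 for a privileged caller. I would write the test as `if (suser(td) != 0) {` and extend the comment with something like `MNT_SUIDDIR makes new files take the owner of a set-uid directory, so it must never be honoured for a user mount`. The flag is dropped without an error, which matches the existing "silently enforce" policy but leaves a caller who asked for it unaware that it was ignored; the comment should say that this is deliberate. Clearing risky flags one at a time also means any mount flag added later is accepted for user mounts by default, so masking fsflags against an explicit set of flags permitted for unprivileged callers may fail closed more reliably. The function body starts and ends outside the hunk, so whether fsflags is modified again after this point cannot be checked from here.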