- Loudly disallow MNT_SUIDDIR mount flag for unprivileged users mounts.

- Style fixed. Submitted by: bde
svn path=/head/; revision=127473
2024-10-04 15:40:44 +00:00 · 2004-03-27 08:09:00 +00:00 · 2004-03-27 08:09:00 +00:00 · 6c8cc8ec4b · 2020-12-20 02:59:44 +00:00
parent c3e741f776
commit 6c8cc8ec4b
1 changed files with 7 additions and 8 deletions
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@ -686,22 +686,21 @@ vfs_domount(
 		if (error)
 			return (error);
 	}
+
 	/*
-	 * Do not allow NFS export by non-root users.
+	 * Do not allow NFS export or MNT_SUIDDIR by unprivileged users.
 	 */
-	if (fsflags & MNT_EXPORTED) {
+	if (fsflags & (MNT_EXPORTED | MNT_SUIDDIR)) {
 		error = suser(td);
 		if (error)
 			return (error);
 	}
 	/*
-	 * Silently enforce MNT_NOSUID, MNT_NODEV and MNT_USER
-	 * for unprivileged users and remove MNT_SUIDDIR.
+	 * Silently enforce MNT_NODEV, MNT_NOSUID and MNT_USER for
+	 * unprivileged users.
 	 */
-	if (suser(td)) {
-		fsflags &= ~MNT_SUIDDIR;
-		fsflags |= MNT_NOSUID | MNT_NODEV | MNT_USER;
-	}
+	if (suser(td) != 0)
+		fsflags |= MNT_NODEV | MNT_NOSUID | MNT_USER;
 	/*
 	 * Get vnode to be covered
 	 */