--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Jan 07, 2007 at 12:41:41PM +0100, Manuel Bouyer wrote:
> On Sun, Jan 07, 2007 at 02:36:08AM +0100, Kurt Schreiner wrote:
> > On Sat, Jan 06, 2007 at 04:36:27PM -0500, Blair Sadewitz wrote:
> > > [...]
> > >=20
> > > Why is this returning EPERM?
> > Because you are trying to mout w/o having nodev,nosuid defined for
> > the file system you try to mount? This is a new requirement since
> > a few days when the code was changed to use KAUTH...
>=20
> Hum, I think the previous code added this automatically for user mounts .=
..

Yes, it did. The problem is that adding this would mean that the bsd44=20
security model would be changing mount options as opposed to validating=20
them, which is very gross. It also weakens security as a rogue security=20
model could now do more than just be obstinant and deny access; it could=20
actually weaken security.

kauth doesn't really have a way to say, "This is ok if you change this."=20
:-(

Take care,

Bill

--EVF5PPMfhYS0aIcm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (NetBSD)

iD8DBQFFowyNWz+3JHUci9cRAvL9AJ9gTtx/+y8RYKYsKRSeZnDVLC22RwCfYMIy
5IQzbIFoGY1XyZBMiJFjs60=
=3vD/
-----END PGP SIGNATURE-----

--EVF5PPMfhYS0aIcm--