Subject: Re: simple tpe implementation
To: None <tech-kern@NetBSD.org, tech-security@netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: tech-security
Date: 02/02/2007 16:41:04
YAMAMOTO Takashi wrote:
> > +	/* XXX Must be owned by root. */
> > +	if (va->va_uid != 0)
> > +		return (EPERM);
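Review bot: The `XXX` on the owner check does not say what is still unresolved, and `va->va_uid != 0` hard-codes root as the only acceptable owner, so a file owned by any other uid is refused with `EPERM`. Either spell out in the comment what remains to be decided, or take the trusted owner(s) from a setting instead of the literal 0.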

This would also break any setuid-non-root executable, right?

> > +
> > +	/* Must not be writable by group or other. */
> > +	if (va->va_mode & (S_IWGRP | S_IWOTH))
> > +		return (EPERM);
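Review bot: The write check `va->va_mode & (S_IWGRP | S_IWOTH)` looks only at the file's own mode bits; nothing in the lines quoted here examines the directory that contains the file, and write access to that directory allows the file to be replaced whatever its own mode is. If this is not covered elsewhere in the patch, apply the same owner and mode test to the parent directory's attributes before allowing the exec.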

That's neat. Personally, I'd always turn such a check on. Maybe
this could be accessible separately.

-- 
Christian