On Sat, Feb 14, 2009 at 11:13:18AM -0500, Thor Lancelot Simon wrote:
> So it's a useful feature, but it's not safe default behavior, because
> it violates people's heretofore reasonable expectations about how Unix
> works in a way that can let them carelessly get themselves in trouble.
Absolutely agreed. However, after a discussion about this with ASau in
#netbsd, we agreed that recompiling the kernel is too big of a hassle
to make this work.
In essence, I think this option is similar to vfs.generic.usermount in
that it's a security risk, but if you really want it you can turn it on.
Why not make this option into a sysctl that defaults to off?
This way, people who really need it (and understand all the implications)
could simply flip a switch without going through the process of
recompiling their kernel. Then the documentation for this switch could
come with a big fat warning stating why it's dangerous.
Cheers,
Peter
--
http://sjamaan.ath.cx
--
"The process of preparing programs for a digital computer
is especially attractive, not only because it can be economically
and scientifically rewarding, but also because it can be an aesthetic
experience much like composing poetry or music."
-- Donald Knuth