Subject: Re: simple tpe implementation
To: None <tech-kern@NetBSD.org, tech-security@netbsd.org>
From: Christian Biere <christianbiere@gmx.de>
List: tech-security
Date: 02/02/2007 17:47:39
Christian Biere wrote:
> YAMAMOTO Takashi wrote:
> > > +	/* XXX Must be owned by root. */
> > > +	if (va->va_uid != 0)
> > > +		return (EPERM);
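
Review bot: the va->va_uid != 0 test returns EPERM for every file whose owner is not uid 0, with no exemption visible in this hunk, so as written it also refuses executables installed under a dedicated non-root owner, including setuid-non-root ones. The XXX comment should state whether that is the intended policy; if it is not, consider making the trusted owner a tunable rather than the literal 0.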
 
> This would also break any setuid-non-root executable, right?

What I mean is: This denies execution of any executable not owned by root.
For example, none of my pkgsrc applications are root-owned but rather owned by
a dedicated user. This case might be negligible but, for example, there are a few
executables even in base that are not owned by root and have the setuid-bit set:

 $ grep -E mode=04'[0-9]{3}' /etc/mtree/*|grep -Ev uname=root

Granted, these might also be negligible. I wasn't arguing against this check but
rather wondering whether I understood it correctly.

-- 
Christian
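
Added example (not part of the original message or of the patch under discussion): a small audit that lists the executables an owner-must-be-root check would refuse, read from an mtree(8) specification in full-path form. It goes slightly beyond the per-line grep above by applying /set defaults, which a per-line match cannot see. The sample specification, its paths and the owner names are constructed for illustration.

```python
# Constructed sample in mtree(8) full-path form; paths and owners are
# made up for illustration, not taken from a real /etc/mtree file.
SAMPLE_SPEC = """\
# constructed sample
/set uname=root gname=wheel
./bin/example-sh type=file mode=0555
./usr/bin/example-games type=file mode=04555 uname=games
./usr/bin/example-su type=file mode=04555
/set uname=pkgowner
./usr/pkg/bin/example-app type=file mode=0755
./usr/pkg/share type=dir mode=0755
"""


def non_root_executables(spec_text):
    """Return (path, owner, is_setuid) for executable regular files whose
    effective owner is not root, i.e. files a uid != 0 check would refuse."""
    defaults, hits = {}, []
    for raw in spec_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0] == "/set":      # keyword defaults for following entries
            defaults.update(w.split("=", 1) for w in words[1:] if "=" in w)
            continue
        if words[0] == "/unset":    # drop previously set defaults
            for key in words[1:]:
                defaults.pop(key, None)
            continue
        attrs = dict(defaults)      # entry keywords override the defaults
        attrs.update(w.split("=", 1) for w in words[1:] if "=" in w)
        if attrs.get("type") != "file":
            continue
        mode = int(attrs.get("mode", "0"), 8)
        if not mode & 0o111:        # no execute bit for anyone
            continue
        owner = attrs.get("uname") or attrs.get("uid")
        if owner is None or owner in ("root", "0"):
            continue                # root-owned, or owner not recorded
        hits.append((words[0], owner, bool(mode & 0o4000)))
    return hits


if __name__ == "__main__":
    for path, owner, setuid in non_root_executables(SAMPLE_SPEC):
        print(path, owner, "setuid" if setuid else "")
```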