diff --git a/man/auto.master.5.in b/man/auto.master.5.in
index d488960..56aaa5d 100644
--- a/man/auto.master.5.in
+++ b/man/auto.master.5.in
@@ -195,6 +195,9 @@ For example, with an entry in the master map of
.hy
accessing /net/myserver will mount exports from myserver on directories below
/net/myserver.
+.P
+NOTE: mounts done from a hosts map will be mounted with the "nosuid" option
+unless the "suid" option is explicitly given in the master map entry.
.SH LDAP MAPS
If the map type \fBldap\fP is specified the mapname is of the form
\fB[//servername/]dn\fP, where the optional \fBservername\fP is
diff --git a/modules/parse_sun.c b/modules/parse_sun.c
index 186e567..9a97329 100644
--- a/modules/parse_sun.c
+++ b/modules/parse_sun.c
@@ -496,6 +496,7 @@ static int sun_mount(struct autofs_point *ap, const char *root,
int rv, cur_state;
char *mountpoint;
char *what;
+ char *type;
if (*options == '\0')
options = NULL;
@@ -585,6 +586,36 @@ static int sun_mount(struct autofs_point *ap, const char *root,
mountpoint = alloca(namelen + 1);
sprintf(mountpoint, "%.*s", namelen, name);
+ type = ap->entry->maps->type;
+ if (type && !strcmp(type, "hosts")) {
+ if (options) {
+ if (!strstr(options, "suid")) {
+ char *tmp = alloca(strlen(options) + 8);
+ if (!tmp) {
+ error(ap->logopt, MODPREFIX
+ "alloca failed for options");
+ if (nonstrict)
+ return -1;
+ return 1;
+ }
+ strcpy(tmp, options);
+ strcat(tmp, ",nosuid");
+ options = tmp;
+ }
+ } else {
+ char *tmp = alloca(7);
+ if (!tmp) {
+ error(ap->logopt,
+ MODPREFIX "alloca failed for options");
+ if (nonstrict)
+ return -1;
+ return 1;
+ }
+ strcpy(tmp, "nosuid");
+ options = tmp;
+ }
+ }
+
pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state);
if (!strcmp(fstype, "nfs")) {
what = alloca(loclen + 1);
diff --git a/samples/auto.master b/samples/auto.master
index d4796a3..4995976 100644
--- a/samples/auto.master
+++ b/samples/auto.master
@@ -5,6 +5,11 @@
# For details of the format look at autofs(5).
#
/misc /etc/auto.misc
+#
+# NOTE: mounts done from a hosts map will be mounted with the
+# "nosuid" option unless the "suid" option is explicitly
+# given.
+#
/net -hosts
#
# Include central master map if it can be found using