diff -pruN autofs-5.0.2.pre/man/auto.master.5.in autofs-5.0.2/man/auto.master.5.in
--- autofs-5.0.2.pre/man/auto.master.5.in	2008-01-10 15:09:32.000000000 -0500
+++ autofs-5.0.2/man/auto.master.5.in	2008-01-10 15:10:22.000000000 -0500
@@ -185,6 +185,9 @@ For example, with an entry in the master
 .hy
 accessing /net/myserver will mount exports from myserver on directories below
 /net/myserver.
+.P
+NOTE: mounts done from a hosts map will be mounted with the "nosuid" and "nodev" options
+unless the options "suid" and "dev" are explicitly given in the master map entry.
 .SH LDAP MAPS
 If the map type \fBldap\fP is specified the mapname is of the form
 \fB[//servername/]dn\fP, where the optional \fBservername\fP is
diff -pruN autofs-5.0.2.pre/modules/parse_sun.c autofs-5.0.2/modules/parse_sun.c
--- autofs-5.0.2.pre/modules/parse_sun.c	2007-06-18 03:18:08.000000000 -0400
+++ autofs-5.0.2/modules/parse_sun.c	2008-01-10 15:10:22.000000000 -0500
@@ -498,6 +498,7 @@ static int sun_mount(struct autofs_point
 	int rv, cur_state;
 	char *mountpoint;
 	char *what;
+	char *type;
 
 	if (*options == '\0')
 		options = NULL;
@@ -587,6 +588,44 @@ static int sun_mount(struct autofs_point
 	mountpoint = alloca(namelen + 1);
 	sprintf(mountpoint, "%.*s", namelen, name);
 
+	type = ap->entry->maps->type;
+	if (type && !strcmp(type, "hosts")) {
+		if (options) {
+			int len = strlen(options);
+			int suid = strstr(options, "suid") ? 0 : 7;
+			int dev = strstr(options, "dev") ? 0 : 6;
+
+			if (suid || dev) {
+				char *tmp = alloca(len + suid + dev + 1);
+				if (!tmp) {
+					error(ap->logopt, MODPREFIX
+					      "alloca failed for options");
+					if (nonstrict)
+						return -1;
+					return 1;
+				}
+
+				strcpy(tmp, options);
+				if (suid)
+					strcat(tmp, ",nosuid");
+				if (dev)
+					strcat(tmp, ",nodev");
+				options = tmp;
+			}
+		} else {
+			char *tmp = alloca(13);
+			if (!tmp) {
+				error(ap->logopt,
+				      MODPREFIX "alloca failed for options");
+				if (nonstrict)
+					return -1;
+				return 1;
+			}
+			strcpy(tmp, "nosuid,nodev");
+			options = tmp;
+		}
+	}
+
 	pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state);
 	if (!strcmp(fstype, "nfs")) {
 		what = alloca(loclen + 1);
diff -pruN autofs-5.0.2.pre/samples/auto.master autofs-5.0.2/samples/auto.master
--- autofs-5.0.2.pre/samples/auto.master	2008-01-10 15:09:32.000000000 -0500
+++ autofs-5.0.2/samples/auto.master	2008-01-10 15:11:39.000000000 -0500
@@ -5,6 +5,11 @@
 # For details of the format look at autofs(5).
 #
 #/misc	/etc/autofs/auto.misc
+#
+# NOTE: mounts done from a hosts map will be mounted with the
+#       "nosuid" and "nodev" options unless the "suid" and "dev"
+#       options are explicitly given.
+#
 #/net	-hosts
 #
 # Include central master map if it can be found using