All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] mount: call setgroups() before setuid()
@ 2017-02-07 22:56 NeilBrown
  2017-02-16 10:22 ` Steve Dickson
  0 siblings, 1 reply; 2+ messages in thread
From: NeilBrown @ 2017-02-07 22:56 UTC (permalink / raw)
  To: steved; +Cc: Linux NFS Mailing

[-- Attachment #1: Type: text/plain, Size: 1156 bytes --]


It is generally wise to call setgroups() (and setgid()) before calling
setuid() to ensure no unexpected permission leaks happen.
SUSE's build system checks all binaries for conformance with this
and generates a warning for mountd.

As we are setting the uid to 0, there is no risk that the group list
will provide extra permissions, so there is no real risk here.
But it is nice to silence warnings, and including a setgroups()
call is probably a good practice to encourage.

Signed-off-by: NeilBrown <neilb@suse.com>
---
 utils/mount/network.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/utils/mount/network.c b/utils/mount/network.c
index d1c8fec75174..281e9354a7fa 100644
--- a/utils/mount/network.c
+++ b/utils/mount/network.c
@@ -33,6 +33,7 @@
 #include <errno.h>
 #include <netdb.h>
 #include <time.h>
+#include <grp.h>
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -804,6 +805,7 @@ int start_statd(void)
 			pid_t pid = fork();
 			switch (pid) {
 			case 0: /* child */
+				setgroups(0, NULL);
 				setgid(0);
 				setuid(0);
 				execle(START_STATD, START_STATD, NULL, envp);
-- 
2.11.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] mount: call setgroups() before setuid()
  2017-02-07 22:56 [PATCH] mount: call setgroups() before setuid() NeilBrown
@ 2017-02-16 10:22 ` Steve Dickson
  0 siblings, 0 replies; 2+ messages in thread
From: Steve Dickson @ 2017-02-16 10:22 UTC (permalink / raw)
  To: NeilBrown; +Cc: Linux NFS Mailing



On 02/07/2017 05:56 PM, NeilBrown wrote:
> It is generally wise to call setgroups() (and setgid()) before calling
> setuid() to ensure no unexpected permission leaks happen.
> SUSE's build system checks all binaries for conformance with this
> and generates a warning for mountd.
>
> As we are setting the uid to 0, there is no risk that the group list
> will provide extra permissions, so there is no real risk here.
> But it is nice to silence warnings, and including a setgroups()
> call is probably a good practice to encourage.
>
> Signed-off-by: NeilBrown <neilb@suse.com>
Committed...

steved.

> ---
>  utils/mount/network.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/utils/mount/network.c b/utils/mount/network.c
> index d1c8fec75174..281e9354a7fa 100644
> --- a/utils/mount/network.c
> +++ b/utils/mount/network.c
> @@ -33,6 +33,7 @@
>  #include <errno.h>
>  #include <netdb.h>
>  #include <time.h>
> +#include <grp.h>
>  
>  #include <sys/types.h>
>  #include <sys/socket.h>
> @@ -804,6 +805,7 @@ int start_statd(void)
>  			pid_t pid = fork();
>  			switch (pid) {
>  			case 0: /* child */
> +				setgroups(0, NULL);
>  				setgid(0);
>  				setuid(0);
>  				execle(START_STATD, START_STATD, NULL, envp);


^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-02-16 10:22 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-07 22:56 [PATCH] mount: call setgroups() before setuid() NeilBrown
2017-02-16 10:22 ` Steve Dickson

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.