Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
nfs-utils.22532
0002-mount-call-setgroups-before-setuid.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0002-mount-call-setgroups-before-setuid.patch of Package nfs-utils.22532
From 5b7da9d70261583e67e114b36cb19973de15606d Mon Sep 17 00:00:00 2001 From: NeilBrown <neilb@suse.com> Date: Wed, 8 Feb 2017 08:22:36 +1100 Subject: [PATCH] mount: call setgroups() before setuid() It is generally wise to call setgroups() (and setgid()) before calling setuid() to ensure no unexpected permission leaks happen. SUSE's build system check all binaries for conformance with this and generates a warning for mountd. As we set setting the uid to 0, there is no risk that the group list will provide extra permissions, so there is no real risk here. But it is nice to silence warnings, and including a setgroups() call is probably a good practice to encourage. Signed-off-by: NeilBrown <neilb@suse.com> --- utils/mount/network.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/utils/mount/network.c b/utils/mount/network.c index d1c8fec75174..281e9354a7fa 100644 --- a/utils/mount/network.c +++ b/utils/mount/network.c @@ -33,6 +33,7 @@ #include <errno.h> #include <netdb.h> #include <time.h> +#include <grp.h> #include <sys/types.h> #include <sys/socket.h> @@ -804,6 +805,7 @@ int start_statd(void) pid_t pid = fork(); switch (pid) { case 0: /* child */ + setgroups(0, NULL); setgid(0); setuid(0); execle(START_STATD, START_STATD, NULL, envp); -- 2.11.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor