From patchwork Tue Feb  7 22:56:09 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: NeilBrown <neilb@suse.com>
X-Patchwork-Id: 9561361
Return-Path: <linux-nfs-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	08BD16047A for <patchwork-linux-nfs@patchwork.kernel.org>;
	Tue,  7 Feb 2017 22:56:18 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F3DD528472
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Tue,  7 Feb 2017 22:56:17 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id E8BA828488; Tue,  7 Feb 2017 22:56:17 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	T_TVD_MIME_EPI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7C37C28472
	for <patchwork-linux-nfs@patchwork.kernel.org>;
	Tue,  7 Feb 2017 22:56:17 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754300AbdBGW4Q (ORCPT
	<rfc822;patchwork-linux-nfs@patchwork.kernel.org>);
	Tue, 7 Feb 2017 17:56:16 -0500
Received: from mx2.suse.de ([195.135.220.15]:59413 "EHLO mx2.suse.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1753798AbdBGW4Q (ORCPT <rfc822;linux-nfs@vger.kernel.org>);
	Tue, 7 Feb 2017 17:56:16 -0500
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254])
	by mx2.suse.de (Postfix) with ESMTP id F0F21ABD3;
	Tue,  7 Feb 2017 22:56:14 +0000 (UTC)
From: NeilBrown <neilb@suse.com>
To: steved@redhat.com
Date: Wed, 08 Feb 2017 09:56:09 +1100
Cc: Linux NFS Mailing <linux-nfs@vger.kernel.org>
Subject: [PATCH] mount: call setgroups() before setuid()
Message-ID: <877f51wqye.fsf@notabene.neil.brown.name>
MIME-Version: 1.0
Sender: linux-nfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

It is generally wise to call setgroups() (and setgid()) before calling
setuid() to ensure no unexpected permission leaks happen.
SUSE's build system checks all binaries for conformance with this
and generates a warning for mountd.

As we are setting the uid to 0, there is no risk that the group list
will provide extra permissions, so there is no real risk here.
But it is nice to silence warnings, and including a setgroups()
call is probably a good practice to encourage.

Signed-off-by: NeilBrown <neilb@suse.com>
---
 utils/mount/network.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/utils/mount/network.c b/utils/mount/network.c
index d1c8fec75174..281e9354a7fa 100644
--- a/utils/mount/network.c
+++ b/utils/mount/network.c
@@ -33,6 +33,7 @@
 #include <errno.h>
 #include <netdb.h>
 #include <time.h>
+#include <grp.h>
 
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -804,6 +805,7 @@ int start_statd(void)
 			pid_t pid = fork();
 			switch (pid) {
 			case 0: /* child */
+				setgroups(0, NULL);
 				setgid(0);
 				setuid(0);
 				execle(START_STATD, START_STATD, NULL, envp);