From f149f6051cdc885aa3eed98c888cad3a6dcda2d2 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 27 Sep 2022 16:23:27 -0400 Subject: [PATCH] import autofs-5.1.4-83.el8 --- ...s-5.1.8-dont-use-initgroups-at-spawn.patch | 131 ++++++++++++++++++ SPECS/autofs.spec | 10 +- 2 files changed, 140 insertions(+), 1 deletion(-) create mode 100644 SOURCES/autofs-5.1.8-dont-use-initgroups-at-spawn.patch diff --git a/SOURCES/autofs-5.1.8-dont-use-initgroups-at-spawn.patch b/SOURCES/autofs-5.1.8-dont-use-initgroups-at-spawn.patch new file mode 100644 index 0000000..bdd6e01 --- /dev/null +++ b/SOURCES/autofs-5.1.8-dont-use-initgroups-at-spawn.patch @@ -0,0 +1,131 @@ +autofs-5.1.8 - dont use initgroups() at spawn + +From: Ian Kent + +The initgroups(3) function isn't safe to use between fork() and +exec() in a threaded program. + +Using it this way often leads to a hang for even moderate work +loads. + +But the getgrouplist()/setgroups() combination can be used safely +in this case and this patch changes autofs to use these (the safety +of using of setgroups() is yet to to be documented). + +A large portion of the work on this patch has been contributed +by Roberto Bergantinos . + +Reported-by: Roberto Bergantinos +Fixes: 6343a3292020 ("autofs-5.1.3 - fix ordering of seteuid/setegid in do_spawn()") +Signed-off-by: Roberto Bergantinos +Signed-off-by: Ian Kent +--- + CHANGELOG | 1 + + daemon/spawn.c | 51 +++++++++++++++++++++++++++++++++++++++++++++++---- + 2 files changed, 48 insertions(+), 4 deletions(-) + +--- autofs-5.1.4.orig/CHANGELOG ++++ autofs-5.1.4/CHANGELOG +@@ -94,6 +94,7 @@ + - fix sysconf(3) return handling. + - remove nonstrict parameter from tree_mapent_umount_offsets(). + - fix handling of incorrect return from umount_ent(). ++- dont use initgroups() at spawn. + + xx/xx/2018 autofs-5.1.5 + - fix flag file permission. +--- autofs-5.1.4.orig/daemon/spawn.c ++++ autofs-5.1.4/daemon/spawn.c +@@ -26,6 +26,7 @@ + #include + #include + #include ++#include + + #include "automount.h" + +@@ -335,6 +336,10 @@ static int do_spawn(unsigned logopt, uns + struct thread_stdenv_vars *tsv; + pid_t euid = 0; + gid_t egid = 0; ++ gid_t *groups = NULL; ++ gid_t *saved_groups = NULL; ++ int ngroups = 0; ++ int nsaved_groups = 0; + + if (open_pipe(pipefd)) + return -1; +@@ -357,6 +362,31 @@ static int do_spawn(unsigned logopt, uns + } + + open_mutex_lock(); ++ ++ if (euid) { ++ struct passwd *pwd; ++ ++ pwd = getpwuid(getuid()); ++ if (!pwd) ++ fprintf(stderr, ++ "warning: getpwuid: can't get current username\n"); ++ else { ++ /* get number of groups for current gid */ ++ getgrouplist(pwd->pw_name, getgid(), NULL, &nsaved_groups); ++ saved_groups = malloc(nsaved_groups * sizeof(gid_t)); ++ ++ /* get current gid groups list */ ++ getgrouplist(pwd->pw_name, getgid(), saved_groups, &nsaved_groups); ++ } ++ ++ /* get number of groups of mount triggering process */ ++ getgrouplist(tsv->user, egid, NULL, &ngroups); ++ groups = malloc(ngroups * sizeof(gid_t)); ++ ++ /* get groups list of mount triggering process */ ++ getgrouplist(tsv->user, egid, groups, &ngroups); ++ } ++ + f = fork(); + if (f == 0) { + char **pargv = (char **) argv; +@@ -398,10 +428,13 @@ static int do_spawn(unsigned logopt, uns + if (!tsv->user) + fprintf(stderr, + "warning: can't init groups\n"); +- else if (initgroups(tsv->user, egid) == -1) +- fprintf(stderr, +- "warning: initgroups: %s\n", +- strerror(errno)); ++ else if (groups) { ++ if (setgroups(ngroups, groups) == -1) ++ fprintf(stderr, ++ "warning: setgroups: %s\n", ++ strerror(errno)); ++ free(groups); ++ } + + if (setegid(egid) == -1) + fprintf(stderr, +@@ -436,6 +469,11 @@ static int do_spawn(unsigned logopt, uns + strerror(errno)); + if (pgrp >= 0) + setpgid(0, pgrp); ++ /* Reset groups for trigger of trailing mount */ ++ if (euid && saved_groups) { ++ setgroups(nsaved_groups, saved_groups); ++ free(saved_groups); ++ } + + /* + * The kernel leaves mount type autofs alone because +@@ -474,6 +512,11 @@ done: + pthread_sigmask(SIG_SETMASK, &tmpsig, NULL); + open_mutex_unlock(); + ++ if (groups) ++ free(groups); ++ if (saved_groups) ++ free(saved_groups); ++ + close(pipefd[1]); + + if (f < 0) { diff --git a/SPECS/autofs.spec b/SPECS/autofs.spec index 06ff758..71a39c8 100644 --- a/SPECS/autofs.spec +++ b/SPECS/autofs.spec @@ -8,7 +8,7 @@ Summary: A tool for automatically mounting and unmounting filesystems Name: autofs Version: 5.1.4 -Release: 82%{?dist} +Release: 83%{?dist} Epoch: 1 License: GPLv2+ Group: System Environment/Daemons @@ -266,6 +266,8 @@ Patch238: autofs-5.1.4-make-umount_ent-recognise-forced-umount.patch Patch239: autofs-5.1.8-remove-nonstrict-parameter-from-tree_mapent_umount_offsets.patch Patch240: autofs-5.1.8-fix-handling-of-incorrect-return-from-umount_ent.patch +Patch241: autofs-5.1.8-dont-use-initgroups-at-spawn.patch + %if %{with_systemd} BuildRequires: systemd-units BuildRequires: systemd-devel @@ -572,6 +574,7 @@ echo %{version}-%{release} > .version %patch238 -p1 %patch239 -p1 %patch240 -p1 +%patch241 -p1 %build LDFLAGS=-Wl,-z,now @@ -667,6 +670,11 @@ fi %dir /etc/auto.master.d %changelog +* Wed May 18 2022 Ian Kent - 5.1.4-83 +- bz2069097 - libnss_sss: threads stuck at sss_nss_lock from initgroups + - dont use initgroups() at spawn. +- Resolves: rhbz#2069097 + * Tue Feb 15 2022 Ian Kent - 5.1.4-82 - bz2052122 - autofs attempts unmount on directory in use - make umount_ent() recognise forced umount.