autofs/autofs-5.1.8-dont-use-initgroups-at-spawn.patch

autofs-5.1.8 - dont use initgroups() at spawn

From: Ian Kent <raven@themaw.net>

The initgroups(3) function isn't safe to use between fork() and
exec() in a threaded program.

Using it this way often leads to a hang for even moderate work
loads.

But the getgrouplist()/setgroups() combination can be used safely
in this case and this patch changes autofs to use these (the safety
of using of setgroups() is yet to to be documented).

A large portion of the work on this patch has been contributed
by Roberto Bergantinos <rbergant@redhat.com>.

Reported-by: Roberto Bergantinos <rbergant@redhat.com>
Fixes: 6343a3292020 ("autofs-5.1.3 - fix ordering of seteuid/setegid in do_spawn()")
Signed-off-by: Roberto Bergantinos <rbergant@redhat.com>
Signed-off-by: Ian Kent <raven@themaw.net>
---
 CHANGELOG      |    1 +
 daemon/spawn.c |   51 +++++++++++++++++++++++++++++++++++++++++++++++----
 2 files changed, 48 insertions(+), 4 deletions(-)

--- autofs-5.1.7.orig/CHANGELOG
+++ autofs-5.1.7/CHANGELOG
@@ -101,6 +101,7 @@
 - also require TCP_REQUESTED when setting NFS port.
 - bailout on rpc systemerror.
 - fix nfsv4 only mounts should not use rpcbind.
+- dont use initgroups() at spawn.
 
 25/01/2021 autofs-5.1.7
 - make bind mounts propagation slave by default.
--- autofs-5.1.7.orig/daemon/spawn.c
+++ autofs-5.1.7/daemon/spawn.c
@@ -26,6 +26,7 @@
 #include <sys/wait.h>
 #include <sys/stat.h>
 #include <sys/mount.h>
+#include <pwd.h>
 
 #include "automount.h"
 
@@ -335,6 +336,10 @@ static int do_spawn(unsigned logopt, uns
 	struct thread_stdenv_vars *tsv;
 	pid_t euid = 0;
 	gid_t egid = 0;
+	gid_t *groups = NULL;
+	gid_t *saved_groups = NULL;
+	int ngroups = 0;
+	int nsaved_groups = 0;
 
 	if (open_pipe(pipefd))
 		return -1;
@@ -357,6 +362,31 @@ static int do_spawn(unsigned logopt, uns
 	}
 
 	open_mutex_lock();
+
+	if (euid) {
+		struct passwd *pwd;
+
+		pwd = getpwuid(getuid());
+		if (!pwd)
+			fprintf(stderr,
+				"warning: getpwuid: can't get current username\n");
+		else {
+			/* get number of groups for current gid */
+			getgrouplist(pwd->pw_name, getgid(), NULL, &nsaved_groups);
+			saved_groups = malloc(nsaved_groups * sizeof(gid_t));
+
+			/* get current gid groups list */
+			getgrouplist(pwd->pw_name, getgid(), saved_groups, &nsaved_groups);
+		}
+
+		/* get number of groups of mount triggering process */
+		getgrouplist(tsv->user, egid, NULL, &ngroups);
+		groups = malloc(ngroups * sizeof(gid_t));
+
+		/* get groups list of mount triggering process */
+		getgrouplist(tsv->user, egid, groups, &ngroups);
+	}
+
 	f = fork();
 	if (f == 0) {
 		char **pargv = (char **) argv;
@@ -398,10 +428,13 @@ static int do_spawn(unsigned logopt, uns
 				if (!tsv->user)
 					fprintf(stderr,
 						"warning: can't init groups\n");
-				else if (initgroups(tsv->user, egid) == -1)
-					fprintf(stderr,
-						"warning: initgroups: %s\n",
-						strerror(errno));
+				else if (groups) {
+					if (setgroups(ngroups, groups) == -1)
+						fprintf(stderr,
+							"warning: setgroups: %s\n",
+							strerror(errno));
+					free(groups);
+				}
 
 				if (setegid(egid) == -1)
 					fprintf(stderr,
@@ -436,6 +469,11 @@ static int do_spawn(unsigned logopt, uns
 					strerror(errno));
 			if (pgrp >= 0)
 				setpgid(0, pgrp);
+			/* Reset groups for trigger of trailing mount */
+			if (euid && saved_groups) {
+				setgroups(nsaved_groups, saved_groups);
+				free(saved_groups);
+			}
 
 			/*
 			 * The kernel leaves mount type autofs alone because
@@ -474,6 +512,11 @@ done:
 		pthread_sigmask(SIG_SETMASK, &tmpsig, NULL);
 		open_mutex_unlock();
 
+		if (groups)
+			free(groups);
+		if (saved_groups)
+			free(saved_groups);
+
 		close(pipefd[1]);
 
 		if (f < 0) {