73 lines
2.5 KiB
Diff
73 lines
2.5 KiB
Diff
|
commit 33bbeabb40d11a59266e0702adaa6a2e0acb6382
|
||
|
Author: Neil Brown <neilb@suse.de>
|
||
|
Date: Wed Nov 26 12:01:06 2008 -0500
|
||
|
|
||
|
Ensure statd gets started if required when non-root
|
||
|
user mounts an NFS filesystem.
|
||
|
|
||
|
The first time an NFS filesystem is mounted, we start statd from
|
||
|
/sbin/mount.nfs. If this first time is a non-root user doing the
|
||
|
mount, (thanks to e.g. the 'users' option in /etc/fstab)
|
||
|
then we need to be sure that the 'setuid' status from mount.nfs
|
||
|
is inherited through to rpc.statd so that it runs as root.
|
||
|
|
||
|
There are two places where we loose our setuid status due to the shell
|
||
|
(/bin/sh) discarding.
|
||
|
|
||
|
1/ mount.nfs uses "system" to run /usr/sbin/start-statd. This runs a
|
||
|
shell which is likely to drop privileges. So change that code to use
|
||
|
'fork' and 'execl' explicitly.
|
||
|
2/ start-statd is a shell script. To convince the shell to allow the
|
||
|
program to run in privileged mode, we need to add a "-p" flag.
|
||
|
|
||
|
We could just call setuid(getuid()) at some appropriate time, and it
|
||
|
might be worth doing that as well, however I think that getting
|
||
|
rid of 'system()' is a good idea and once that is done, the
|
||
|
adding of '-p' is trivial and sufficient.
|
||
|
|
||
|
Signed-off-by: Neil Brown <neilb@suse.de>
|
||
|
Signed-off-by: Steve Dickson <steved@redhat.com>
|
||
|
|
||
|
diff --git a/utils/mount/network.c b/utils/mount/network.c
|
||
|
index 2db694d..806344c 100644
|
||
|
--- a/utils/mount/network.c
|
||
|
+++ b/utils/mount/network.c
|
||
|
@@ -36,6 +36,7 @@
|
||
|
|
||
|
#include <sys/types.h>
|
||
|
#include <sys/socket.h>
|
||
|
+#include <sys/wait.h>
|
||
|
#include <netinet/in.h>
|
||
|
#include <rpc/rpc.h>
|
||
|
#include <rpc/pmap_prot.h>
|
||
|
@@ -705,7 +706,18 @@ int start_statd(void)
|
||
|
#ifdef START_STATD
|
||
|
if (stat(START_STATD, &stb) == 0) {
|
||
|
if (S_ISREG(stb.st_mode) && (stb.st_mode & S_IXUSR)) {
|
||
|
- system(START_STATD);
|
||
|
+ pid_t pid = fork();
|
||
|
+ switch (pid) {
|
||
|
+ case 0: /* child */
|
||
|
+ execl(START_STATD, START_STATD, NULL);
|
||
|
+ exit(1);
|
||
|
+ case -1: /* error */
|
||
|
+ perror("Fork failed");
|
||
|
+ break;
|
||
|
+ default: /* parent */
|
||
|
+ waitpid(pid, NULL,0);
|
||
|
+ break;
|
||
|
+ }
|
||
|
if (probe_statd())
|
||
|
return 1;
|
||
|
}
|
||
|
diff --git a/utils/statd/start-statd b/utils/statd/start-statd
|
||
|
index 6e7ea04..c7805ee 100644
|
||
|
--- a/utils/statd/start-statd
|
||
|
+++ b/utils/statd/start-statd
|
||
|
@@ -1,4 +1,4 @@
|
||
|
-#!/bin/sh
|
||
|
+#!/bin/sh -p
|
||
|
# nfsmount calls this script when mounting a filesystem with locking
|
||
|
# enabled, but when statd does not seem to be running (based on
|
||
|
# /var/run/rpc.statd.pid).
|