Some krb5 routines will attempt to access files in the user's home
directory. This is problematic for gssd when the user's homedir is
on a kerberized NFS mount as it will end up deadlocked.
Fix this by setting $HOME unconditionally to "/".
Fixes this Fedora bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1052902
Reported-by: Enrico Scholz <rh-bugzilla@xxxxxxx>
Reported-by: nmorey <nmorey@xxxxxxxxx>
Tested-by: Michael Young <m.a.young@xxxxxxxxxxxx>
Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
---
utils/gssd/gssd.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index fdad153..611ef1a 100644
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -46,6 +46,7 @@
#include <unistd.h>
#include <err.h>
+#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -161,6 +162,18 @@ main(int argc, char *argv[])
}
}
+ /*
+ * Some krb5 routines try to scrape info out of files in the user's
+ * home directory. This can easily deadlock when that homedir is on a
+ * kerberized NFS mount. By setting $HOME unconditionally to "/", we
+ * prevent this behavior in routines that use $HOME in preference to
+ * the results of getpw*.
+ */
+ if (setenv("HOME", "/", 1)) {
+ printerr(1, "Unable to set $HOME: %s\n", strerror(errno));
+ exit(1);
+ }
+
i = 0;
ccachesearch[i++] = strtok(ccachedir, ":");
do {
--
1.8.4.2
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
