It is generally wise to call setgroups() (and setgid()) before calling
setuid() to ensure no unexpected permission leaks happen.
SUSE's build system checks all binaries for conformance with this
and generates a warning for mountd.
As we are setting the uid to 0, there is no risk that the group list
will provide extra permissions, so there is no real risk here.
But it is nice to silence warnings, and including a setgroups()
call is probably a good practice to encourage.
Signed-off-by: NeilBrown <neilb@xxxxxxxx>
---
utils/mount/network.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/utils/mount/network.c b/utils/mount/network.c
index d1c8fec75174..281e9354a7fa 100644
--- a/utils/mount/network.c
+++ b/utils/mount/network.c
@@ -33,6 +33,7 @@
#include <errno.h>
#include <netdb.h>
#include <time.h>
+#include <grp.h>
#include <sys/types.h>
#include <sys/socket.h>
@@ -804,6 +805,7 @@ int start_statd(void)
pid_t pid = fork();
switch (pid) {
case 0: /* child */
+ setgroups(0, NULL);
setgid(0);
setuid(0);
execle(START_STATD, START_STATD, NULL, envp);
--
2.11.0
Attachment:
signature.asc
Description: PGP signature
