From b5ceb1a9de9af563b0f91e2a3138fa5a95cad9f6 Mon Sep 17 00:00:00 2001 From: Prasanna Kumar Kalever Date: Thu, 14 May 2015 12:10:01 +0530 Subject: fuse: fix return value check for setuid setuid() sets the effective user ID of the calling process. If the effective UID of the caller is root, the real UID and saved set-user-ID are also set. On success, zero is returned. On error, -1 is returned, and errno is set appropriately. there are cases where setuid() can fail even when the caller is UID 0; it is a grave security error to omit checking for a failure return from setuid(). if an environment limits the number of processes a user can have, setuid() might fail if the target uid already is at the limit. Fix is to check return value of setuid. Change-Id: I7aa5ab5e347603c69dc93188417cc4f4c81ffc75 BUG: 1221490 Signed-off-by: Prasanna Kumar Kalever Reviewed-on: http://review.gluster.org/10780 Reviewed-by: Prasanna Kumar Kalever Tested-by: Prasanna Kumar Kalever Reviewed-by: Niels de Vos Tested-by: Gluster Build System Reviewed-by: Gaurav Kumar Garg --- contrib/fuse-lib/mount-common.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/contrib/fuse-lib/mount-common.c b/contrib/fuse-lib/mount-common.c index c436cb16a5..e9f80fe815 100644 --- a/contrib/fuse-lib/mount-common.c +++ b/contrib/fuse-lib/mount-common.c @@ -105,7 +105,11 @@ fuse_mnt_add_mount (const char *progname, const char *fsname, char *tmp; sigprocmask (SIG_SETMASK, &oldmask, NULL); - setuid (geteuid ()); + res = setuid (geteuid ()); + if (res != 0) { + GFFUSE_LOGERR ("%s: setuid: %s", progname, strerror (errno)); + exit (1); + } /* * hide in a directory, where mount isn't able to resolve @@ -245,7 +249,11 @@ fuse_mnt_umount (const char *progname, const char *abs_mnt, } if (res == 0) { sigprocmask (SIG_SETMASK, &oldmask, NULL); - setuid (geteuid ()); + res = setuid (geteuid ()); + if (res != 0) { + GFFUSE_LOGERR ("%s: setuid: %s", progname, strerror (errno)); + exit (1); + } #ifdef GF_LINUX_HOST_OS execl ("/bin/umount", "/bin/umount", "-i", rel_mnt, lazy ? "-l" : NULL, NULL); -- cgit