From 2f682f25c642fcfe7c511d04bc9d67e732282348 Mon Sep 17 00:00:00 2001
From: Jeff Layton <jlayton@redhat.com>
Date: Wed, 22 Jan 2014 11:17:19 -0500
Subject: gssd: set $HOME to prevent recursion when home dirs are on kerberized
 NFS mount

Some krb5 routines will attempt to access files in the user's home
directory. This is problematic for gssd when the user's homedir is
on a kerberized NFS mount as it will end up deadlocked.

Fix this by setting $HOME unconditionally to "/".

Fixes this Fedora bug:

    https://bugzilla.redhat.com/show_bug.cgi?id=1052902

Reported-by: Enrico Scholz <rh-bugzilla@ensc.de>
Reported-by: nmorey <nmorey@kalray.eu>
Tested-by: Michael Young <m.a.young@durham.ac.uk>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
---
 utils/gssd/gssd.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/utils/gssd/gssd.c b/utils/gssd/gssd.c
index fdad153..611ef1a 100644
--- a/utils/gssd/gssd.c
+++ b/utils/gssd/gssd.c
@@ -46,6 +46,7 @@
 
 #include <unistd.h>
 #include <err.h>
+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -161,6 +162,18 @@ main(int argc, char *argv[])
 		}
 	}
 
+	/*
+	 * Some krb5 routines try to scrape info out of files in the user's
+	 * home directory. This can easily deadlock when that homedir is on a
+	 * kerberized NFS mount. By setting $HOME unconditionally to "/", we
+	 * prevent this behavior in routines that use $HOME in preference to
+	 * the results of getpw*.
+	 */
+	if (setenv("HOME", "/", 1)) {
+		printerr(1, "Unable to set $HOME: %s\n", strerror(errno));
+		exit(1);
+	}
+
 	i = 0;
 	ccachesearch[i++] = strtok(ccachedir, ":");
 	do {
-- 
cgit