nfs-utils/0001-mount-run-START_STATD-fully-as-root.patch

From 8714f14c1966612d073d922d86a394c424eda724 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb@suse.com>
Date: Fri, 22 Apr 2016 09:13:31 +1000
Subject: [PATCH] mount: run START_STATD fully as root

If a "user" mount is the first NFSv3 mount, mount.nfs will be running
setuid to root (with non-root as the real-uid) when it executes START_STATD.

start-statd is a shell script and many shells refuse to run setuid,
dropping privileges immediately.  This results in start-statd running
as an unprivileged user and so statd fails to start.

To fix this, call "setuid(0)" to set real uid to zero.  Also call "setgid(0)"
for consistency.

The behaviour of a shell can often be affected by the environment,
such as the "shell functions" that bash includes from the environment.
To avoid the user being able to pass such environment to the shell,
explicitly pass an empty environment.  The start-statd script explicitly
sets the PATH which is all it really needs.

Signed-off-by: NeilBrown <neilb@suse.com>
---
 utils/mount/network.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/utils/mount/network.c b/utils/mount/network.c
index 7240ca7bcdc4..0d12613e86a4 100644
--- a/utils/mount/network.c
+++ b/utils/mount/network.c
@@ -795,6 +795,7 @@ int start_statd(void)
 		if (S_ISREG(stb.st_mode) && (stb.st_mode & S_IXUSR)) {
 			int cnt = STATD_TIMEOUT * 10;
 			int status = 0;
+			char * const envp[1] = { NULL };
 			const struct timespec ts = {
 				.tv_sec = 0,
 				.tv_nsec = 100000000,
@@ -802,7 +803,9 @@ int start_statd(void)
 			pid_t pid = fork();
 			switch (pid) {
 			case 0: /* child */
-				execl(START_STATD, START_STATD, NULL);
+				setgid(0);
+				setuid(0);
+				execle(START_STATD, START_STATD, NULL, envp);
 				exit(1);
 			case -1: /* error */
 				nfs_error(_("%s: fork failed: %s"),
-- 
2.8.1