[patch 6/10] Use setfsuid() rather than seteuid() while creating contexts

kwc at citi.umich.edu kwc at citi.umich.edu
Mon Jul 3 18:34:21 EDT 2006


Signed-off-by: Kevin Coffman <kwc at citi.umich.edu>

As suggested by Olaf Kirch <okir at suse.de>, use setfsuid() rather than
seteuid() when creating a gss context.  This prevents users from using
credentials that do not belong to them, while also preventing them from
doing things like killing, renicing, or changing the priority of the
gssd process while it is processing the context creation.


---

 nfs-utils-1.0.9-pre1-kwc/utils/gssd/gssd_proc.c |   14 +++++++-------
 1 files changed, 7 insertions(+), 7 deletions(-)

diff -puN utils/gssd/gssd_proc.c~gssd_setfsuid_not_seteuid utils/gssd/gssd_proc.c
--- nfs-utils-1.0.9-pre1/utils/gssd/gssd_proc.c~gssd_setfsuid_not_seteuid	2006-07-03 18:18:41.685081000 -0400
+++ nfs-utils-1.0.9-pre1-kwc/utils/gssd/gssd_proc.c	2006-07-03 18:18:41.719081000 -0400
@@ -493,13 +493,13 @@ int create_auth_rpc_client(struct clnt_i
 
 	/* Create the context as the user (not as root) */
 	save_uid = geteuid();
-	if (seteuid(uid) != 0) {
-		printerr(0, "WARNING: Failed to seteuid for "
+	if (setfsuid(uid) != 0) {
+		printerr(0, "WARNING: Failed to setfsuid for "
 			    "user with uid %d\n", uid);
 		goto out_fail;
 	}
-	printerr(2, "creating context using euid %d (save_uid %d)\n",
-			geteuid(), save_uid);
+	printerr(2, "creating context using fsuid %d (save_uid %d)\n",
+			uid, save_uid);
 
 	sec.qop = GSS_C_QOP_DEFAULT;
 	sec.svc = RPCSEC_GSS_SVC_NONE;
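Review bot: The new test `setfsuid(uid) != 0` does not detect failure: setfsuid() has no error return and yields the previous fsuid on both success and failure, so when gssd runs as root (fsuid 0) the branch can never fire even if the kernel silently ignored the request, and if gssd ever ran with a non-zero fsuid it would always fire. The idiomatic check is to call it twice and compare the second return with the target, e.g. `setfsuid(uid);` followed by `if (setfsuid(uid) != uid) {` in place of the condition on the `if` line. With that in place the debug message printing `uid` at the new printerr is accurate, since the value has been confirmed rather than assumed. Note also that fsuid only governs filesystem permission checks; any step of context creation that keys off geteuid() (for example deriving a credential cache name from the caller's uid, if that is not set explicitly elsewhere) will now still see root and should be confirmed. create_auth_rpc_client begins before this hunk and continues after it.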
@@ -646,9 +646,9 @@ int create_auth_rpc_client(struct clnt_i
 		gss_release_cred(&min_stat, &sec.cred);
   	if (a != NULL) freeaddrinfo(a);
 	/* Restore euid to original value */
-	if ((save_uid != -1) && (seteuid(save_uid) != 0)) {
-		printerr(0, "WARNING: Failed to restore euid"
-			    " to uid %d\n", save_uid);
+	if ((save_uid != -1) && (setfsuid(save_uid) != uid)) {
+		printerr(0, "WARNING: Failed to restore fsuid"
+			    " to uid %d from %d\n", save_uid, uid);
 	}
 	return retval;
 
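Review bot: The restore check `setfsuid(save_uid) != uid` only confirms that the fsuid was still `uid` immediately before the call; it says nothing about whether the restore to `save_uid` took effect, so a failed restore would leave gssd running its remaining work with the user's fsuid and still log nothing. As in the first hunk, issue the call once unconditionally inside the `save_uid != -1` guard and then compare a second call's return with the intended value: `setfsuid(save_uid);` then `if (setfsuid(save_uid) != save_uid)` before the warning, with the message unchanged. The comment on the context line above, `/* Restore euid to original value */`, is now stale and should read `/* Restore fsuid to original value */` so it matches the code and the log text. create_auth_rpc_client's body ends outside this hunk.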


