[Bugs] [Bug 1254503] fuse: check return value of setuid

bugzilla at redhat.com bugzilla at redhat.com
Sat Aug 29 17:02:20 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1254503



--- Comment #3 from Anand Avati <aavati at redhat.com> ---
COMMIT: http://review.gluster.org/11950 committed in release-3.7 by Niels de
Vos (ndevos at redhat.com) 
------
commit 5137feb6e0ab6c9b0aad1e8410397243e9f2619c
Author: Prasanna Kumar Kalever <prasanna.kalever at redhat.com>
Date:   Thu May 14 12:10:01 2015 +0530

    fuse: fix return value check for setuid

    setuid() sets the effective user ID of the calling process. If the
    effective UID of the caller is root, the real UID and saved set-user-ID
    are also set. On success, zero is returned.  On error, -1 is returned,
    and errno is set appropriately.

    There are cases where setuid() can fail even when the caller is UID 0;
    it is a grave security error to omit checking for a failure return from
    setuid(). If an environment limits the number of processes a user can
    have, setuid() might fail if the target uid already is at the limit.

    Fix is to check return value of setuid.

    Backport:
    >Change-Id: I7aa5ab5e347603c69dc93188417cc4f4c81ffc75
    >BUG: 1221490
    >Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever at redhat.com>
    >Reviewed-on: http://review.gluster.org/10780
    >Reviewed-by: Prasanna Kumar Kalever
    >Tested-by: Prasanna Kumar Kalever
    >Reviewed-by: Niels de Vos <ndevos at redhat.com>
    >Tested-by: Gluster Build System <jenkins at build.gluster.com>
    >Reviewed-by: Gaurav Kumar Garg <ggarg at redhat.com>
    >(cherry picked from commit b5ceb1a9de9af563b0f91e2a3138fa5a95cad9f6)

    Change-Id: I5643ccecb56ea1d3c16de57bace3f5481931a539
    BUG: 1254503
    Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever at redhat.com>
    Reviewed-on: http://review.gluster.org/11950
    Reviewed-by: Niels de Vos <ndevos at redhat.com>
    Tested-by: Gluster Build System <jenkins at build.gluster.com>
    Tested-by: NetBSD Build System <jenkins at build.gluster.org>

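The check described in the commit message above, as an added example that is not the GlusterFS patch or any code from the project. The names `switch_uid_checked`, `switch_uid_unchecked`, `setuid_fn` and `setuid_at_limit` are hypothetical, and the stub is a constructed failure standing in for the process-limit case.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical seam: lets the failure path run without root or rlimits. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stub: setuid() failing because the target uid is at its
 * process limit, the case the commit message describes. */
static int setuid_at_limit(uid_t uid)
{
    (void)uid;
    errno = EAGAIN;
    return -1;
}

/* Unchecked pattern: the result is dropped, so the caller carries on.
 * Returns the euid that the following code would really run with. */
static uid_t switch_uid_unchecked(uid_t target, setuid_fn do_setuid)
{
    do_setuid(target);
    return geteuid();
}

/* Checked pattern: 0 only if the call succeeded and the euid is now target;
 * -1 otherwise, and the caller must stop instead of continuing as the old uid. */
static int switch_uid_checked(uid_t target, setuid_fn do_setuid)
{
    if (do_setuid(target) != 0) {
        fprintf(stderr, "setuid(%lu): %s\n", (unsigned long)target, strerror(errno));
        return -1;
    }
    return geteuid() == target ? 0 : -1;
}

int main(void)
{
    uid_t me = geteuid();
    uid_t other = me + 1;   /* constructed target uid */

    /* Failed switch, unchecked: still running as `me`, nothing noticed. */
    printf("unchecked: wanted %lu, running as %lu\n", (unsigned long)other,
           (unsigned long)switch_uid_unchecked(other, setuid_at_limit));
    /* Failed switch, checked: reported, so the caller can abort. */
    printf("checked, failing setuid: %d\n", switch_uid_checked(other, setuid_at_limit));
    /* Real setuid() to the euid we already have succeeds for an ordinary process. */
    printf("checked, real setuid: %d\n", switch_uid_checked(me, setuid));
    return 0;
}
```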