fuse: fix return value check for setuid

setuid() sets the effective user ID of the calling process. If the
effective UID of the caller is root, the real UID and saved set-user-ID
are also set. On success, zero is returned.  On error, -1 is returned,
and errno is set appropriately.

there are cases where setuid() can fail even when the caller is UID 0;
it is a grave security error to omit checking for a failure return from
setuid(). if an environment limits the number of processes a user can
have, setuid() might fail if the target uid already is at the limit.

Fix is to check return value of setuid.

Backport:
>Change-Id: I7aa5ab5e347603c69dc93188417cc4f4c81ffc75
>BUG: 1221490
>Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
>Reviewed-on: http://review.gluster.org/10780
>Reviewed-by: Prasanna Kumar Kalever
>Tested-by: Prasanna Kumar Kalever
>Reviewed-by: Niels de Vos <ndevos@redhat.com>
>Tested-by: Gluster Build System <jenkins@build.gluster.com>
>Reviewed-by: Gaurav Kumar Garg <ggarg@redhat.com>
>(cherry picked from commit b5ceb1a9de9af563b0f91e2a3138fa5a95cad9f6)

Change-Id: I5643ccecb56ea1d3c16de57bace3f5481931a539
BUG: 1254503
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-on: http://review.gluster.org/11950
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Tested-by: NetBSD Build System <jenkins@build.gluster.org>

1 files changed, 10 insertions, 2 deletions

diff --git a/contrib/fuse-lib/mount-common.c b/contrib/fuse-lib/mount-common.c
index c436cb16a5c..e9f80fe8154 100644
--- a/contrib/fuse-lib/mount-common.c
+++ b/contrib/fuse-lib/mount-common.c
@@ -105,7 +105,11 @@ fuse_mnt_add_mount (const char *progname, const char *fsname,
                 char *tmp;
 
                 sigprocmask (SIG_SETMASK, &oldmask, NULL);
-                setuid (geteuid ());
+                res = setuid (geteuid ());
+                if (res != 0) {
+                        GFFUSE_LOGERR ("%s: setuid: %s", progname, strerror (errno));
+                        exit (1);
+                }
 
                 /*
                  * hide in a directory, where mount isn't able to resolve
@@ -245,7 +249,11 @@ fuse_mnt_umount (const char *progname, const char *abs_mnt,
         }
         if (res == 0) {
                 sigprocmask (SIG_SETMASK, &oldmask, NULL);
-                setuid (geteuid ());
+                res = setuid (geteuid ());
+                if (res != 0) {
+                        GFFUSE_LOGERR ("%s: setuid: %s", progname, strerror (errno));
+                        exit (1);
+                }
 #ifdef GF_LINUX_HOST_OS
                 execl ("/bin/umount", "/bin/umount", "-i", rel_mnt,
                        lazy ? "-l" : NULL, NULL);