git.decadent.org.uk Git - nfs-utils.git/commit

author	NeilBrown <neilb@suse.de>
	Tue, 28 Jun 2011 15:36:31 +0000 (11:36 -0400)
committer	Steve Dickson <steved@redhat.com>
	Wed, 29 Jun 2011 14:18:30 +0000 (10:18 -0400)
commit	b3e190c4adfc9ec47567c968bd000d282d07b05e
tree	7f263d615ebc695a48b980a639f7e1f38b666ebc	tree \| snapshot
parent	a99b7846e2abec5e26ab6b764b921d79559e0a0f	commit \| diff

mount: improve signal management when locking mtab

As mount.nfs can run setuid it must be careful about how the user can
interact with in.  In particular it needs to ensure it does not
respond badly to any signals that the user might be able to generate.

This is particularly an issue while updating /etc/mtab (when that is
not linked to /proc/mounts).  If the user can generate a signal which
kills mount.nfs while /etc/mtab is locked, then it will leave the file
locked, and could possibly corrupt mtab (particularly if 'ulimit 1'
was previously issued).

Currently lock_mtab does set some handlers for signals, but not
enough.  It arranges for every signal up to (but not including)
SIGCHLD to cause mount.nfs to unlock mdadm promptly exit ... even if
the default behaviour would be to ignore the signal.  SIGALRM is
handled specially, and signals after SIGCHLD are left with their
default behaviour.  This includes for example SIGXFSZ which can be
generated by the user running "ulimit 1".

So: change this so that some signals are left unchanged, SIGALRM is
handled as required, and all signals that the user can generate are
explicitly ignored.

The remainder still cause mount.nfs to print a message, unlock mtab, and
exit.

Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>