mirror of https://github.com/xzeldon/htop.git
Merge branch 'remove-setuid' of BenBE/htop
commit
12c2337939
|
@ -63,11 +63,11 @@ jobs:
|
|||
- name: Bootstrap
|
||||
run: ./autogen.sh
|
||||
- name: Configure
|
||||
run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities
|
||||
run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities
|
||||
- name: Build
|
||||
run: make -k
|
||||
- name: Distcheck
|
||||
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities'
|
||||
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities'
|
||||
|
||||
build-ubuntu-latest-full-featured-clang:
|
||||
runs-on: ubuntu-latest
|
||||
|
@ -85,11 +85,11 @@ jobs:
|
|||
- name: Bootstrap
|
||||
run: ./autogen.sh
|
||||
- name: Configure
|
||||
run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities
|
||||
run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities
|
||||
- name: Build
|
||||
run: make -k
|
||||
- name: Distcheck
|
||||
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities'
|
||||
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities'
|
||||
|
||||
build-ubuntu-latest-gcc-static:
|
||||
runs-on: ubuntu-latest
|
||||
|
@ -104,11 +104,11 @@ jobs:
|
|||
- name: Bootstrap
|
||||
run: ./autogen.sh
|
||||
- name: Configure
|
||||
run: ./configure --enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --enable-setuid --disable-delayacct --enable-sensors --enable-capabilities
|
||||
run: ./configure --enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --disable-delayacct --enable-sensors --enable-capabilities
|
||||
- name: Build
|
||||
run: make -k
|
||||
- name: Distcheck
|
||||
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --enable-setuid --disable-delayacct --enable-sensors --enable-capabilities'
|
||||
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --disable-delayacct --enable-sensors --enable-capabilities'
|
||||
|
||||
build-ubuntu-latest-clang-analyzer:
|
||||
runs-on: ubuntu-latest
|
||||
|
@ -126,7 +126,7 @@ jobs:
|
|||
- name: Bootstrap
|
||||
run: ./autogen.sh
|
||||
- name: Configure
|
||||
run: scan-build-11 -analyze-headers --status-bugs ./configure --enable-debug --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities
|
||||
run: scan-build-11 -analyze-headers --status-bugs ./configure --enable-debug --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities
|
||||
- name: Build
|
||||
run: scan-build-11 -analyze-headers --status-bugs make -j"$(nproc)"
|
||||
|
||||
|
|
31
CRT.c
31
CRT.c
|
@ -658,37 +658,6 @@ static void CRT_handleSIGTERM(int sgn) {
|
|||
_exit(0);
|
||||
}
|
||||
|
||||
#ifdef HAVE_SETUID_ENABLED
|
||||
|
||||
static int CRT_euid = -1;
|
||||
|
||||
static int CRT_egid = -1;
|
||||
|
||||
void CRT_dropPrivileges() {
|
||||
CRT_egid = getegid();
|
||||
CRT_euid = geteuid();
|
||||
if (setegid(getgid()) == -1) {
|
||||
CRT_fatalError("Fatal error: failed dropping group privileges");
|
||||
}
|
||||
if (seteuid(getuid()) == -1) {
|
||||
CRT_fatalError("Fatal error: failed dropping user privileges");
|
||||
}
|
||||
}
|
||||
|
||||
void CRT_restorePrivileges() {
|
||||
if (CRT_egid == -1 || CRT_euid == -1) {
|
||||
CRT_fatalError("Fatal error: internal inconsistency");
|
||||
}
|
||||
if (setegid(CRT_egid) == -1) {
|
||||
CRT_fatalError("Fatal error: failed restoring group privileges");
|
||||
}
|
||||
if (seteuid(CRT_euid) == -1) {
|
||||
CRT_fatalError("Fatal error: failed restoring user privileges");
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* HAVE_SETUID_ENABLED */
|
||||
|
||||
#ifndef NDEBUG
|
||||
|
||||
static int stderrRedirectNewFd = -1;
|
||||
|
|
14
CRT.h
14
CRT.h
|
@ -160,20 +160,6 @@ extern int CRT_scrollWheelVAmount;
|
|||
|
||||
extern ColorScheme CRT_colorScheme;
|
||||
|
||||
#ifdef HAVE_SETUID_ENABLED
|
||||
|
||||
void CRT_dropPrivileges(void);
|
||||
|
||||
void CRT_restorePrivileges(void);
|
||||
|
||||
#else /* HAVE_SETUID_ENABLED */
|
||||
|
||||
/* Turn setuid operations into NOPs */
|
||||
static inline void CRT_dropPrivileges(void) { }
|
||||
static inline void CRT_restorePrivileges(void) { }
|
||||
|
||||
#endif /* HAVE_SETUID_ENABLED */
|
||||
|
||||
void CRT_init(const Settings* settings, bool allowUnicode);
|
||||
|
||||
void CRT_done(void);
|
||||
|
|
|
@ -8,6 +8,8 @@ What's new in version 3.0.6 (not released yet)
|
|||
in your htoprc file. Solution: Press I (to invert sort order).
|
||||
This changed setting will be saved by htop on exit as long as it can
|
||||
write to your htoprc file.
|
||||
* The compile-time option to cater specifically for running htop as
|
||||
setuid has been removed.
|
||||
|
||||
What's new in version 3.0.5
|
||||
|
||||
|
|
|
@ -34,9 +34,7 @@ static void EnvScreen_scan(InfoScreen* this) {
|
|||
|
||||
Panel_prune(panel);
|
||||
|
||||
CRT_dropPrivileges();
|
||||
char* env = Platform_getProcessEnv(this->process->pid);
|
||||
CRT_restorePrivileges();
|
||||
if (env) {
|
||||
for (const char* p = env; *p; p = strrchr(p, 0) + 1)
|
||||
InfoScreen_addLine(this, p);
|
||||
|
|
|
@ -479,10 +479,9 @@ bool Process_isTomb(const Process* this) {
|
|||
}
|
||||
|
||||
bool Process_setPriority(Process* this, int priority) {
|
||||
CRT_dropPrivileges();
|
||||
int old_prio = getpriority(PRIO_PROCESS, this->pid);
|
||||
int err = setpriority(PRIO_PROCESS, this->pid, priority);
|
||||
CRT_restorePrivileges();
|
||||
|
||||
if (err == 0 && old_prio != getpriority(PRIO_PROCESS, this->pid)) {
|
||||
this->nice = priority;
|
||||
}
|
||||
|
@ -494,10 +493,7 @@ bool Process_changePriorityBy(Process* this, Arg delta) {
|
|||
}
|
||||
|
||||
bool Process_sendSignal(Process* this, Arg sgn) {
|
||||
CRT_dropPrivileges();
|
||||
bool ok = (kill(this->pid, sgn.i) == 0);
|
||||
CRT_restorePrivileges();
|
||||
return ok;
|
||||
return kill(this->pid, sgn.i) == 0;
|
||||
}
|
||||
|
||||
int Process_pidCompare(const void* v1, const void* v2) {
|
||||
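Review bot: With the `CRT_dropPrivileges()`/`CRT_restorePrivileges()` bracket removed, `setpriority()` in `Process_setPriority` and `kill()` in `Process_sendSignal` run with whatever effective UID the process has, so a binary that is still installed setuid (for example by packaging that predates this change) would act on other users' processes with the elevated identity. The same holds for the other call sites this commit unwraps: `fopen()` and `mkdir()` in Settings.c, `Platform_getProcessEnv()` in EnvScreen.c, and the `execlp("strace", ...)` child in TraceScreen.c. Startup code is not visible on this page; if nothing there already does so, I would add a fail-closed guard before any of these paths can run, e.g. `if (geteuid() != getuid() || getegid() != getgid()) { fputs("htop must not be installed setuid/setgid\n", stderr); exit(1); }`. As far as I know autoconf only warns about unrecognized `--enable-*` options by default, so a downstream build that still passes `--enable-setuid` would configure successfully and silently lose the privilege dropping it asked for. `Process_setPriority` continues past the end of its hunk.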
|
|
3
README
3
README
|
@ -58,9 +58,6 @@ By default `make install` will install into `/usr/local`, for changing the path
|
|||
enable hwloc support for CPU affinity; disables Linux affinity
|
||||
dependency: *libhwloc*
|
||||
default: *no*
|
||||
* `--enable-setuid`:
|
||||
enable setuid support for privilege dropping
|
||||
default: *no*
|
||||
* `--enable-static`:
|
||||
build a static htop binary; hwloc and delay accounting are not supported
|
||||
default: *no*
|
||||
|
|
18
Settings.c
18
Settings.c
|
@ -125,10 +125,7 @@ static void readFields(ProcessField* fields, uint32_t* flags, const char* line)
|
|||
}
|
||||
|
||||
static bool Settings_read(Settings* this, const char* fileName, int initialCpuCount) {
|
||||
FILE* fd;
|
||||
CRT_dropPrivileges();
|
||||
fd = fopen(fileName, "r");
|
||||
CRT_restorePrivileges();
|
||||
FILE* fd = fopen(fileName, "r");
|
||||
if (!fd)
|
||||
return false;
|
||||
|
||||
|
@ -284,15 +281,10 @@ static void writeMeterModes(Settings* this, FILE* fd, int column) {
|
|||
}
|
||||
|
||||
bool Settings_write(Settings* this) {
|
||||
FILE* fd;
|
||||
|
||||
CRT_dropPrivileges();
|
||||
fd = fopen(this->filename, "w");
|
||||
CRT_restorePrivileges();
|
||||
|
||||
if (fd == NULL) {
|
||||
FILE* fd = fopen(this->filename, "w");
|
||||
if (fd == NULL)
|
||||
return false;
|
||||
}
|
||||
|
||||
fprintf(fd, "# Beware! This file is rewritten by htop when settings are changed in the interface.\n");
|
||||
fprintf(fd, "# The parser is also very primitive, and not human-friendly.\n");
|
||||
writeFields(fd, this->fields, "fields");
|
||||
|
@ -410,7 +402,6 @@ Settings* Settings_new(int initialCpuCount) {
|
|||
htopDir = String_cat(home, "/.config/htop");
|
||||
}
|
||||
legacyDotfile = String_cat(home, "/.htoprc");
|
||||
CRT_dropPrivileges();
|
||||
(void) mkdir(configDir, 0700);
|
||||
(void) mkdir(htopDir, 0700);
|
||||
free(htopDir);
|
||||
|
@ -421,7 +412,6 @@ Settings* Settings_new(int initialCpuCount) {
|
|||
free(legacyDotfile);
|
||||
legacyDotfile = NULL;
|
||||
}
|
||||
CRT_restorePrivileges();
|
||||
}
|
||||
this->colorScheme = 0;
|
||||
this->enableMouse = true;
|
||||
|
|
|
@ -87,8 +87,6 @@ bool TraceScreen_forkTracer(TraceScreen* this) {
|
|||
dup2(fdpair[1], STDERR_FILENO);
|
||||
close(fdpair[1]);
|
||||
|
||||
CRT_dropPrivileges();
|
||||
|
||||
char buffer[32] = {0};
|
||||
xSnprintf(buffer, sizeof(buffer), "%d", this->super.process->pid);
|
||||
execlp("strace", "strace", "-T", "-tt", "-s", "512", "-p", buffer, NULL);
|
||||
|
|
11
configure.ac
11
configure.ac
|
@ -316,16 +316,6 @@ case "$enable_hwloc" in
|
|||
;;
|
||||
esac
|
||||
|
||||
|
||||
AC_ARG_ENABLE([setuid],
|
||||
[AS_HELP_STRING([--enable-setuid],
|
||||
[enable setuid support for privilege dropping @<:@default=no@:>@])],
|
||||
[],
|
||||
[enable_setuid=no])
|
||||
if test "x$enable_setuid" = xyes; then
|
||||
AC_DEFINE([HAVE_SETUID_ENABLED], [1], [Define if setuid support should be enabled.])
|
||||
fi
|
||||
|
||||
# ----------------------------------------------------------------------
|
||||
|
||||
|
||||
|
@ -628,7 +618,6 @@ AC_MSG_RESULT([
|
|||
(Linux) capabilities: $enable_capabilities
|
||||
unicode: $enable_unicode
|
||||
hwloc: $enable_hwloc
|
||||
setuid: $enable_setuid
|
||||
debug: $enable_debug
|
||||
static: $enable_static
|
||||
])
|
||||
|
|