Merge branch 'remove-setuid' of BenBE/htop
commit
12c2337939
|
@ -63,11 +63,11 @@ jobs:
|
||||||
- name: Bootstrap
|
- name: Bootstrap
|
||||||
run: ./autogen.sh
|
run: ./autogen.sh
|
||||||
- name: Configure
|
- name: Configure
|
||||||
run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities
|
run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities
|
||||||
- name: Build
|
- name: Build
|
||||||
run: make -k
|
run: make -k
|
||||||
- name: Distcheck
|
- name: Distcheck
|
||||||
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities'
|
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities'
|
||||||
|
|
||||||
build-ubuntu-latest-full-featured-clang:
|
build-ubuntu-latest-full-featured-clang:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
@ -85,11 +85,11 @@ jobs:
|
||||||
- name: Bootstrap
|
- name: Bootstrap
|
||||||
run: ./autogen.sh
|
run: ./autogen.sh
|
||||||
- name: Configure
|
- name: Configure
|
||||||
run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities
|
run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities
|
||||||
- name: Build
|
- name: Build
|
||||||
run: make -k
|
run: make -k
|
||||||
- name: Distcheck
|
- name: Distcheck
|
||||||
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities'
|
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities'
|
||||||
|
|
||||||
build-ubuntu-latest-gcc-static:
|
build-ubuntu-latest-gcc-static:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
@ -104,11 +104,11 @@ jobs:
|
||||||
- name: Bootstrap
|
- name: Bootstrap
|
||||||
run: ./autogen.sh
|
run: ./autogen.sh
|
||||||
- name: Configure
|
- name: Configure
|
||||||
run: ./configure --enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --enable-setuid --disable-delayacct --enable-sensors --enable-capabilities
|
run: ./configure --enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --disable-delayacct --enable-sensors --enable-capabilities
|
||||||
- name: Build
|
- name: Build
|
||||||
run: make -k
|
run: make -k
|
||||||
- name: Distcheck
|
- name: Distcheck
|
||||||
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --enable-setuid --disable-delayacct --enable-sensors --enable-capabilities'
|
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --disable-delayacct --enable-sensors --enable-capabilities'
|
||||||
|
|
||||||
build-ubuntu-latest-clang-analyzer:
|
build-ubuntu-latest-clang-analyzer:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
@ -126,7 +126,7 @@ jobs:
|
||||||
- name: Bootstrap
|
- name: Bootstrap
|
||||||
run: ./autogen.sh
|
run: ./autogen.sh
|
||||||
- name: Configure
|
- name: Configure
|
||||||
run: scan-build-11 -analyze-headers --status-bugs ./configure --enable-debug --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities
|
run: scan-build-11 -analyze-headers --status-bugs ./configure --enable-debug --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities
|
||||||
- name: Build
|
- name: Build
|
||||||
run: scan-build-11 -analyze-headers --status-bugs make -j"$(nproc)"
|
run: scan-build-11 -analyze-headers --status-bugs make -j"$(nproc)"
|
||||||
|
|
||||||
|
|
31
CRT.c
31
CRT.c
|
@ -658,37 +658,6 @@ static void CRT_handleSIGTERM(int sgn) {
|
||||||
_exit(0);
|
_exit(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef HAVE_SETUID_ENABLED
|
|
||||||
|
|
||||||
static int CRT_euid = -1;
|
|
||||||
|
|
||||||
static int CRT_egid = -1;
|
|
||||||
|
|
||||||
void CRT_dropPrivileges() {
|
|
||||||
CRT_egid = getegid();
|
|
||||||
CRT_euid = geteuid();
|
|
||||||
if (setegid(getgid()) == -1) {
|
|
||||||
CRT_fatalError("Fatal error: failed dropping group privileges");
|
|
||||||
}
|
|
||||||
if (seteuid(getuid()) == -1) {
|
|
||||||
CRT_fatalError("Fatal error: failed dropping user privileges");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
void CRT_restorePrivileges() {
|
|
||||||
if (CRT_egid == -1 || CRT_euid == -1) {
|
|
||||||
CRT_fatalError("Fatal error: internal inconsistency");
|
|
||||||
}
|
|
||||||
if (setegid(CRT_egid) == -1) {
|
|
||||||
CRT_fatalError("Fatal error: failed restoring group privileges");
|
|
||||||
}
|
|
||||||
if (seteuid(CRT_euid) == -1) {
|
|
||||||
CRT_fatalError("Fatal error: failed restoring user privileges");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif /* HAVE_SETUID_ENABLED */
|
|
||||||
|
|
||||||
#ifndef NDEBUG
|
#ifndef NDEBUG
|
||||||
|
|
||||||
static int stderrRedirectNewFd = -1;
|
static int stderrRedirectNewFd = -1;
|
||||||
|
|
14
CRT.h
14
CRT.h
|
@ -160,20 +160,6 @@ extern int CRT_scrollWheelVAmount;
|
||||||
|
|
||||||
extern ColorScheme CRT_colorScheme;
|
extern ColorScheme CRT_colorScheme;
|
||||||
|
|
||||||
#ifdef HAVE_SETUID_ENABLED
|
|
||||||
|
|
||||||
void CRT_dropPrivileges(void);
|
|
||||||
|
|
||||||
void CRT_restorePrivileges(void);
|
|
||||||
|
|
||||||
#else /* HAVE_SETUID_ENABLED */
|
|
||||||
|
|
||||||
/* Turn setuid operations into NOPs */
|
|
||||||
static inline void CRT_dropPrivileges(void) { }
|
|
||||||
static inline void CRT_restorePrivileges(void) { }
|
|
||||||
|
|
||||||
#endif /* HAVE_SETUID_ENABLED */
|
|
||||||
|
|
||||||
void CRT_init(const Settings* settings, bool allowUnicode);
|
void CRT_init(const Settings* settings, bool allowUnicode);
|
||||||
|
|
||||||
void CRT_done(void);
|
void CRT_done(void);
|
||||||
|
|
|
@ -8,6 +8,8 @@ What's new in version 3.0.6 (not released yet)
|
||||||
in your htoprc file. Solution: Press I (to invert sort order).
|
in your htoprc file. Solution: Press I (to invert sort order).
|
||||||
This changed setting will be saved by htop on exit as long as it can
|
This changed setting will be saved by htop on exit as long as it can
|
||||||
write to your htoprc file.
|
write to your htoprc file.
|
||||||
|
* The compile-time option to cater specifically for running htop as
|
||||||
|
setuid has been removed.
|
||||||
|
|
||||||
What's new in version 3.0.5
|
What's new in version 3.0.5
|
||||||
|
|
||||||
|
|
|
@ -34,9 +34,7 @@ static void EnvScreen_scan(InfoScreen* this) {
|
||||||
|
|
||||||
Panel_prune(panel);
|
Panel_prune(panel);
|
||||||
|
|
||||||
CRT_dropPrivileges();
|
|
||||||
char* env = Platform_getProcessEnv(this->process->pid);
|
char* env = Platform_getProcessEnv(this->process->pid);
|
||||||
CRT_restorePrivileges();
|
|
||||||
if (env) {
|
if (env) {
|
||||||
for (const char* p = env; *p; p = strrchr(p, 0) + 1)
|
for (const char* p = env; *p; p = strrchr(p, 0) + 1)
|
||||||
InfoScreen_addLine(this, p);
|
InfoScreen_addLine(this, p);
|
||||||
|
|
|
@ -479,10 +479,9 @@ bool Process_isTomb(const Process* this) {
|
||||||
}
|
}
|
||||||
|
|
||||||
bool Process_setPriority(Process* this, int priority) {
|
bool Process_setPriority(Process* this, int priority) {
|
||||||
CRT_dropPrivileges();
|
|
||||||
int old_prio = getpriority(PRIO_PROCESS, this->pid);
|
int old_prio = getpriority(PRIO_PROCESS, this->pid);
|
||||||
int err = setpriority(PRIO_PROCESS, this->pid, priority);
|
int err = setpriority(PRIO_PROCESS, this->pid, priority);
|
||||||
CRT_restorePrivileges();
|
|
||||||
if (err == 0 && old_prio != getpriority(PRIO_PROCESS, this->pid)) {
|
if (err == 0 && old_prio != getpriority(PRIO_PROCESS, this->pid)) {
|
||||||
this->nice = priority;
|
this->nice = priority;
|
||||||
}
|
}
|
||||||
|
@ -494,10 +493,7 @@ bool Process_changePriorityBy(Process* this, Arg delta) {
|
||||||
}
|
}
|
||||||
|
|
||||||
bool Process_sendSignal(Process* this, Arg sgn) {
|
bool Process_sendSignal(Process* this, Arg sgn) {
|
||||||
CRT_dropPrivileges();
|
return kill(this->pid, sgn.i) == 0;
|
||||||
bool ok = (kill(this->pid, sgn.i) == 0);
|
|
||||||
CRT_restorePrivileges();
|
|
||||||
return ok;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int Process_pidCompare(const void* v1, const void* v2) {
|
int Process_pidCompare(const void* v1, const void* v2) {
|
||||||
|
|
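Review bot: `Process_sendSignal` and `Process_setPriority` now call `kill()` and `setpriority()` with whatever effective IDs the process was started with, and nothing visible on this page rejects a binary that is still installed setuid or setgid. The same applies to the `fopen()` calls in `Settings_read`/`Settings_write`, the `mkdir()` calls in `Settings_new`, `Platform_getProcessEnv()` in `EnvScreen_scan`, and the forked child in `TraceScreen_forkTracer`, which runs `strace` through a `PATH` lookup. Since the changelog entry says setuid installs are no longer catered for, I would enforce that at startup (presumably in `main`, which is not part of this diff), e.g. `if (geteuid() != getuid() || getegid() != getgid()) { fputs("htop must not be installed setuid/setgid\n", stderr); exit(1); }`. Whether `--enable-capabilities` builds already cover this on Linux cannot be judged from these hunks.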
3
README
3
README
|
@ -58,9 +58,6 @@ By default `make install` will install into `/usr/local`, for changing the path
|
||||||
enable hwloc support for CPU affinity; disables Linux affinity
|
enable hwloc support for CPU affinity; disables Linux affinity
|
||||||
dependency: *libhwloc*
|
dependency: *libhwloc*
|
||||||
default: *no*
|
default: *no*
|
||||||
* `--enable-setuid`:
|
|
||||||
enable setuid support for privilege dropping
|
|
||||||
default: *no*
|
|
||||||
* `--enable-static`:
|
* `--enable-static`:
|
||||||
build a static htop binary; hwloc and delay accounting are not supported
|
build a static htop binary; hwloc and delay accounting are not supported
|
||||||
default: *no*
|
default: *no*
|
||||||
|
|
18
Settings.c
18
Settings.c
|
@ -125,10 +125,7 @@ static void readFields(ProcessField* fields, uint32_t* flags, const char* line)
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool Settings_read(Settings* this, const char* fileName, int initialCpuCount) {
|
static bool Settings_read(Settings* this, const char* fileName, int initialCpuCount) {
|
||||||
FILE* fd;
|
FILE* fd = fopen(fileName, "r");
|
||||||
CRT_dropPrivileges();
|
|
||||||
fd = fopen(fileName, "r");
|
|
||||||
CRT_restorePrivileges();
|
|
||||||
if (!fd)
|
if (!fd)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
@ -284,15 +281,10 @@ static void writeMeterModes(Settings* this, FILE* fd, int column) {
|
||||||
}
|
}
|
||||||
|
|
||||||
bool Settings_write(Settings* this) {
|
bool Settings_write(Settings* this) {
|
||||||
FILE* fd;
|
FILE* fd = fopen(this->filename, "w");
|
||||||
|
if (fd == NULL)
|
||||||
CRT_dropPrivileges();
|
|
||||||
fd = fopen(this->filename, "w");
|
|
||||||
CRT_restorePrivileges();
|
|
||||||
|
|
||||||
if (fd == NULL) {
|
|
||||||
return false;
|
return false;
|
||||||
}
|
|
||||||
fprintf(fd, "# Beware! This file is rewritten by htop when settings are changed in the interface.\n");
|
fprintf(fd, "# Beware! This file is rewritten by htop when settings are changed in the interface.\n");
|
||||||
fprintf(fd, "# The parser is also very primitive, and not human-friendly.\n");
|
fprintf(fd, "# The parser is also very primitive, and not human-friendly.\n");
|
||||||
writeFields(fd, this->fields, "fields");
|
writeFields(fd, this->fields, "fields");
|
||||||
|
@ -410,7 +402,6 @@ Settings* Settings_new(int initialCpuCount) {
|
||||||
htopDir = String_cat(home, "/.config/htop");
|
htopDir = String_cat(home, "/.config/htop");
|
||||||
}
|
}
|
||||||
legacyDotfile = String_cat(home, "/.htoprc");
|
legacyDotfile = String_cat(home, "/.htoprc");
|
||||||
CRT_dropPrivileges();
|
|
||||||
(void) mkdir(configDir, 0700);
|
(void) mkdir(configDir, 0700);
|
||||||
(void) mkdir(htopDir, 0700);
|
(void) mkdir(htopDir, 0700);
|
||||||
free(htopDir);
|
free(htopDir);
|
||||||
|
@ -421,7 +412,6 @@ Settings* Settings_new(int initialCpuCount) {
|
||||||
free(legacyDotfile);
|
free(legacyDotfile);
|
||||||
legacyDotfile = NULL;
|
legacyDotfile = NULL;
|
||||||
}
|
}
|
||||||
CRT_restorePrivileges();
|
|
||||||
}
|
}
|
||||||
this->colorScheme = 0;
|
this->colorScheme = 0;
|
||||||
this->enableMouse = true;
|
this->enableMouse = true;
|
||||||
|
|
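Review bot: In `Settings_write`, `fopen(this->filename, "w")` truncates the existing htoprc in place before the first `fprintf`, and none of the visible `fprintf` calls is checked, so a failed or interrupted write can leave a truncated settings file behind. I would write to a temporary file created with `mkstemp()` next to the target and `rename()` it over the target only after a successful `fclose()`; this also avoids writing through whatever link sits at the final path. Note that `rename()` replaces a symlinked htoprc instead of following it, which changes behaviour for users who symlink their dotfiles. The function body continues past the end of this hunk, so the closing half of the change is only sketched in comments below.

```c
bool Settings_write(Settings* this) {
   char* tmpName = String_cat(this->filename, ".tmp.XXXXXX");
   int tmpFd = mkstemp(tmpName);
   FILE* fd = (tmpFd >= 0) ? fdopen(tmpFd, "w") : NULL;
   if (fd == NULL) {
      if (tmpFd >= 0) {
         close(tmpFd);
         unlink(tmpName);
      }
      free(tmpName);
      return false;
   }
   /* … unchanged: header comment lines, writeFields(...) and the remaining settings output … */
   /* … at the end of the function (outside this hunk): check fclose(fd), then
      rename(tmpName, this->filename) on success or unlink(tmpName) on failure,
      and free(tmpName) in both cases … */
```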
|
@ -87,8 +87,6 @@ bool TraceScreen_forkTracer(TraceScreen* this) {
|
||||||
dup2(fdpair[1], STDERR_FILENO);
|
dup2(fdpair[1], STDERR_FILENO);
|
||||||
close(fdpair[1]);
|
close(fdpair[1]);
|
||||||
|
|
||||||
CRT_dropPrivileges();
|
|
||||||
|
|
||||||
char buffer[32] = {0};
|
char buffer[32] = {0};
|
||||||
xSnprintf(buffer, sizeof(buffer), "%d", this->super.process->pid);
|
xSnprintf(buffer, sizeof(buffer), "%d", this->super.process->pid);
|
||||||
execlp("strace", "strace", "-T", "-tt", "-s", "512", "-p", buffer, NULL);
|
execlp("strace", "strace", "-T", "-tt", "-s", "512", "-p", buffer, NULL);
|
||||||
|
|
11
configure.ac
11
configure.ac
|
@ -316,16 +316,6 @@ case "$enable_hwloc" in
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
|
||||||
AC_ARG_ENABLE([setuid],
|
|
||||||
[AS_HELP_STRING([--enable-setuid],
|
|
||||||
[enable setuid support for privilege dropping @<:@default=no@:>@])],
|
|
||||||
[],
|
|
||||||
[enable_setuid=no])
|
|
||||||
if test "x$enable_setuid" = xyes; then
|
|
||||||
AC_DEFINE([HAVE_SETUID_ENABLED], [1], [Define if setuid support should be enabled.])
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ----------------------------------------------------------------------
|
# ----------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
@ -628,7 +618,6 @@ AC_MSG_RESULT([
|
||||||
(Linux) capabilities: $enable_capabilities
|
(Linux) capabilities: $enable_capabilities
|
||||||
unicode: $enable_unicode
|
unicode: $enable_unicode
|
||||||
hwloc: $enable_hwloc
|
hwloc: $enable_hwloc
|
||||||
setuid: $enable_setuid
|
|
||||||
debug: $enable_debug
|
debug: $enable_debug
|
||||||
static: $enable_static
|
static: $enable_static
|
||||||
])
|
])
|
||||||
|
|