Remove setuid support

This support was rarely ever used and has been disabled by default for some time.

As far as the developer team is aware there's no distribution that activated this
feature in their packages by default.
Benny Baumann 2021-02-16 19:34:42 +01:00
parent b1befa3287
commit a73064dda9
5 changed files with 7 additions and 63 deletions


@ -63,11 +63,11 @@ jobs:
- name: Bootstrap - name: Bootstrap
run: ./autogen.sh run: ./autogen.sh
- name: Configure - name: Configure
run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities
- name: Build - name: Build
run: make -k run: make -k
- name: Distcheck - name: Distcheck
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities' run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities'
build-ubuntu-latest-full-featured-clang: build-ubuntu-latest-full-featured-clang:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -85,11 +85,11 @@ jobs:
- name: Bootstrap - name: Bootstrap
run: ./autogen.sh run: ./autogen.sh
- name: Configure - name: Configure
run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities
- name: Build - name: Build
run: make -k run: make -k
- name: Distcheck - name: Distcheck
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities' run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities'
build-ubuntu-latest-gcc-static: build-ubuntu-latest-gcc-static:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -104,11 +104,11 @@ jobs:
- name: Bootstrap - name: Bootstrap
run: ./autogen.sh run: ./autogen.sh
- name: Configure - name: Configure
run: ./configure --enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --enable-setuid --disable-delayacct --enable-sensors --enable-capabilities run: ./configure --enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --disable-delayacct --enable-sensors --enable-capabilities
- name: Build - name: Build
run: make -k run: make -k
- name: Distcheck - name: Distcheck
run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --enable-setuid --disable-delayacct --enable-sensors --enable-capabilities' run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --disable-delayacct --enable-sensors --enable-capabilities'
build-ubuntu-latest-clang-analyzer: build-ubuntu-latest-clang-analyzer:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -126,7 +126,7 @@ jobs:
- name: Bootstrap - name: Bootstrap
run: ./autogen.sh run: ./autogen.sh
- name: Configure - name: Configure
run: scan-build-11 -analyze-headers --status-bugs ./configure --enable-debug --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities run: scan-build-11 -analyze-headers --status-bugs ./configure --enable-debug --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities
- name: Build - name: Build
run: scan-build-11 -analyze-headers --status-bugs make -j"$(nproc)" run: scan-build-11 -analyze-headers --status-bugs make -j"$(nproc)"

31
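--- a/CRT.c
+++ b/CRT.c
@@ -658,37 +658,6 @@ static void CRT_handleSIGTERM(int sgn) {
 _exit(0);
 }
-#ifdef HAVE_SETUID_ENABLED
-static int CRT_euid = -1;
-static int CRT_egid = -1;
-void CRT_dropPrivileges() {
-CRT_egid = getegid();
-CRT_euid = geteuid();
-if (setegid(getgid()) == -1) {
-CRT_fatalError("Fatal error: failed dropping group privileges");
-}
-if (seteuid(getuid()) == -1) {
-CRT_fatalError("Fatal error: failed dropping user privileges");
-}
-}
-void CRT_restorePrivileges() {
-if (CRT_egid == -1 || CRT_euid == -1) {
-CRT_fatalError("Fatal error: internal inconsistency");
-}
-if (setegid(CRT_egid) == -1) {
-CRT_fatalError("Fatal error: failed restoring group privileges");
-}
-if (seteuid(CRT_euid) == -1) {
-CRT_fatalError("Fatal error: failed restoring user privileges");
-}
-}
-#endif /* HAVE_SETUID_ENABLED */
 #ifndef NDEBUG
 static int stderrRedirectNewFd = -1;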

11
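--- a/CRT.h
+++ b/CRT.h
@@ -160,20 +160,9 @@ extern int CRT_scrollWheelVAmount;
 extern ColorScheme CRT_colorScheme;
-#ifdef HAVE_SETUID_ENABLED
-void CRT_dropPrivileges(void);
-void CRT_restorePrivileges(void);
-#else /* HAVE_SETUID_ENABLED */
-/* Turn setuid operations into NOPs */
 static inline void CRT_dropPrivileges(void) { }
 static inline void CRT_restorePrivileges(void) { }
-#endif /* HAVE_SETUID_ENABLED */
 void CRT_init(const Settings* settings, bool allowUnicode);
 void CRT_done(void);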
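Review bot: The two `static inline` stubs `CRT_dropPrivileges` and `CRT_restorePrivileges` stay in the header as unconditional no-ops, but the comment that explained them (`/* Turn setuid operations into NOPs */`) is removed with the `#else` branch. Any remaining call sites would then read as if privileges were dropped and restored around them; those call sites are not visible in this section, so whether a follow-up removes them cannot be told from here. Either delete the stubs together with their callers, or keep a comment above them such as `/* setuid support was removed; intentional no-ops kept for existing call sites */`. Since nothing in the tree lowers the effective UID/GID any more, it would also help to state in the README that installing the binary setuid is unsupported.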

3
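--- a/README
+++ b/README
@@ -58,9 +58,6 @@ By default `make install` will install into `/usr/local`, for changing the path
 enable hwloc support for CPU affinity; disables Linux affinity
 dependency: *libhwloc*
 default: *no*
-* `--enable-setuid`:
-enable setuid support for privilege dropping
-default: *no*
 * `--enable-static`:
 build a static htop binary; hwloc and delay accounting are not supported
 default: *no*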


@ -316,16 +316,6 @@ case "$enable_hwloc" in
;; ;;
esac esac
AC_ARG_ENABLE([setuid],
[AS_HELP_STRING([--enable-setuid],
[enable setuid support for privilege dropping @<:@default=no@:>@])],
[],
[enable_setuid=no])
if test "x$enable_setuid" = xyes; then
AC_DEFINE([HAVE_SETUID_ENABLED], [1], [Define if setuid support should be enabled.])
fi
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
@ -628,7 +618,6 @@ AC_MSG_RESULT([
(Linux) capabilities: $enable_capabilities (Linux) capabilities: $enable_capabilities
unicode: $enable_unicode unicode: $enable_unicode
hwloc: $enable_hwloc hwloc: $enable_hwloc
setuid: $enable_setuid
debug: $enable_debug debug: $enable_debug
static: $enable_static static: $enable_static
]) ])