mirror of
https://git.savannah.gnu.org/git/make.git
synced 2024-12-24 12:58:39 +00:00
getloadavg: Remove support for privileged invocation
This was needed when getloadavg required privileged access; in this case GNU make needed to be installed as a setgid program. But this hasn't been supported by gnulib getloadavg() since 2011 and systems are no longer using it, so remove it. * src/makeint.h (user_access): Remove unnecessary function. (make_access): Ditto. (child_access): Ditto. * src/misc.c: Remove implementations of the *_access() functions. * src/main.c (main): Remove unneeded call to user_access(). * src/job.c (load_too_high): Remove calls to {make,user}_access(). (exec_command): Remove call to child_access(). * src/remote-cstms.c: Remove calls to these methods. I suppose it might be possible this is needed and was piggy-backing on the privileged setting but since that's been broken for a while I doubt this is needed. If so we can bring back the implementation into this source file. * src/config.h.W32.template: Remove GETLOADAVG_PRIVILEGED undef. * src/config.h-vms.template: Ditto. * src/config.ami.template: Ditto.
parent
3f3eecc115
commit
6f7e06ec4e
8 changed files with 1 additions and 278 deletions
|
@ -37,9 +37,6 @@ this program. If not, see <http://www.gnu.org/licenses/>. */
|
|||
/* Define for DGUX with <sys/dg_sys_info.h>. */
|
||||
/* #undef DGUX */
|
||||
|
||||
/* Define if the 'getloadavg' function needs to be run setuid or setgid. */
|
||||
/* #undef GETLOADAVG_PRIVILEGED */
|
||||
|
||||
/* Define to 'unsigned long' or 'unsigned long long'
|
||||
if <inttypes.h> doesn't define. */
|
||||
#define uintmax_t unsigned long
|
||||
|
|
|
@ -65,9 +65,6 @@ this program. If not, see <http://www.gnu.org/licenses/>. */
|
|||
/* Define for DGUX with <sys/dg_sys_info.h>. */
|
||||
/* #undef DGUX */
|
||||
|
||||
/* Define to 1 if the 'getloadavg' function needs to be run setuid or setgid. */
|
||||
/* #undef GETLOADAVG_PRIVILEGED */
|
||||
|
||||
/* Define to 'unsigned long' or 'unsigned long long'
|
||||
if <inttypes.h> doesn't define. */
|
||||
#define uintmax_t unsigned long
|
||||
|
|
|
@ -50,10 +50,6 @@ this program. If not, see <http://www.gnu.org/licenses/>. */
|
|||
/* Use high resolution file timestamps if nonzero. */
|
||||
#define FILE_TIMESTAMP_HI_RES 0
|
||||
|
||||
/* Define to 1 if the 'getloadavg' function needs to be run setuid or setgid.
|
||||
*/
|
||||
/* #undef GETLOADAVG_PRIVILEGED */
|
||||
|
||||
/* Define to 1 if you have 'alloca', as a function or macro. */
|
||||
#define HAVE_ALLOCA 1
|
||||
|
||||
|
|
|
@ -2105,7 +2105,6 @@ load_too_high (void)
|
|||
}
|
||||
|
||||
/* Find the real system load average. */
|
||||
make_access ();
|
||||
if (getloadavg (&load, 1) != 1)
|
||||
{
|
||||
static int lossage = -1;
|
||||
|
@ -2122,7 +2121,6 @@ load_too_high (void)
|
|||
lossage = errno;
|
||||
load = 0;
|
||||
}
|
||||
user_access ();
|
||||
|
||||
/* If we're in a new second zero the counter and correct the backlog
|
||||
value. Only keep the backlog for one extra second; after that it's 0. */
|
||||
|
@ -2548,9 +2546,6 @@ exec_command (char **argv, char **envp)
|
|||
|
||||
pid_t pid = -1;
|
||||
|
||||
/* Be the user, permanently. */
|
||||
child_access ();
|
||||
|
||||
# ifdef __EMX__
|
||||
/* Run the program. */
|
||||
pid = spawnvpe (P_NOWAIT, argv[0], argv, envp);
|
||||
|
|
|
@ -1301,9 +1301,6 @@ main (int argc, char **argv, char **envp)
|
|||
#endif
|
||||
}
|
||||
|
||||
/* Set up to access user data (files). */
|
||||
user_access ();
|
||||
|
||||
initialize_global_hash_tables ();
|
||||
|
||||
/* Figure out where we are. */
|
||||
|
|
|
@ -596,10 +596,6 @@ int gpath_search (const char *file, size_t len);
|
|||
|
||||
void construct_include_path (const char **arg_dirs);
|
||||
|
||||
void user_access (void);
|
||||
void make_access (void);
|
||||
void child_access (void);
|
||||
|
||||
char *strip_whitespace (const char **begpp, const char **endpp);
|
||||
|
||||
void show_goal_error (void);
|
||||
|
|
248
src/misc.c
248
src/misc.c
|
@ -608,254 +608,6 @@ strncasecmp (const char *s1, const char *s2, int n)
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifdef GETLOADAVG_PRIVILEGED
|
||||
|
||||
#ifdef POSIX
|
||||
|
||||
/* Hopefully if a system says it's POSIX.1 and has the setuid and setgid
|
||||
functions, they work as POSIX.1 says. Some systems (Alpha OSF/1 1.2,
|
||||
for example) which claim to be POSIX.1 also have the BSD setreuid and
|
||||
setregid functions, but they don't work as in BSD and only the POSIX.1
|
||||
way works. */
|
||||
|
||||
#undef HAVE_SETREUID
|
||||
#undef HAVE_SETREGID
|
||||
|
||||
#else /* Not POSIX. */
|
||||
|
||||
/* Some POSIX.1 systems have the seteuid and setegid functions. In a
|
||||
POSIX-like system, they are the best thing to use. However, some
|
||||
non-POSIX systems have them too but they do not work in the POSIX style
|
||||
and we must use setreuid and setregid instead. */
|
||||
|
||||
#undef HAVE_SETEUID
|
||||
#undef HAVE_SETEGID
|
||||
|
||||
#endif /* POSIX. */
|
||||
|
||||
#ifndef HAVE_UNISTD_H
|
||||
extern int getuid (), getgid (), geteuid (), getegid ();
|
||||
extern int setuid (), setgid ();
|
||||
#ifdef HAVE_SETEUID
|
||||
extern int seteuid ();
|
||||
#else
|
||||
#ifdef HAVE_SETREUID
|
||||
extern int setreuid ();
|
||||
#endif /* Have setreuid. */
|
||||
#endif /* Have seteuid. */
|
||||
#ifdef HAVE_SETEGID
|
||||
extern int setegid ();
|
||||
#else
|
||||
#ifdef HAVE_SETREGID
|
||||
extern int setregid ();
|
||||
#endif /* Have setregid. */
|
||||
#endif /* Have setegid. */
|
||||
#endif /* No <unistd.h>. */
|
||||
|
||||
/* Keep track of the user and group IDs for user- and make- access. */
|
||||
static int user_uid = -1, user_gid = -1, make_uid = -1, make_gid = -1;
|
||||
#define access_inited (user_uid != -1)
|
||||
static enum { make, user } current_access;
|
||||
|
||||
|
||||
/* Under -d, write a message describing the current IDs. */
|
||||
|
||||
static void
|
||||
log_access (const char *flavor)
|
||||
{
|
||||
if (! ISDB (DB_JOBS))
|
||||
return;
|
||||
|
||||
/* All the other debugging messages go to stdout,
|
||||
but we write this one to stderr because it might be
|
||||
run in a child fork whose stdout is piped. */
|
||||
|
||||
fprintf (stderr, _("%s: user %lu (real %lu), group %lu (real %lu)\n"),
|
||||
flavor, (unsigned long) geteuid (), (unsigned long) getuid (),
|
||||
(unsigned long) getegid (), (unsigned long) getgid ());
|
||||
fflush (stderr);
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
init_access (void)
|
||||
{
|
||||
#ifndef VMS
|
||||
user_uid = getuid ();
|
||||
user_gid = getgid ();
|
||||
|
||||
make_uid = geteuid ();
|
||||
make_gid = getegid ();
|
||||
|
||||
/* Do these ever fail? */
|
||||
if (user_uid == -1 || user_gid == -1 || make_uid == -1 || make_gid == -1)
|
||||
pfatal_with_name ("get{e}[gu]id");
|
||||
|
||||
log_access (_("Initialized access"));
|
||||
|
||||
current_access = make;
|
||||
#endif
|
||||
}
|
||||
|
||||
#endif /* GETLOADAVG_PRIVILEGED */
|
||||
|
||||
/* Give the process appropriate permissions for access to
|
||||
user data (i.e., to stat files, or to spawn a child process). */
|
||||
void
|
||||
user_access (void)
|
||||
{
|
||||
#ifdef GETLOADAVG_PRIVILEGED
|
||||
|
||||
if (!access_inited)
|
||||
init_access ();
|
||||
|
||||
if (current_access == user)
|
||||
return;
|
||||
|
||||
/* We are in "make access" mode. This means that the effective user and
|
||||
group IDs are those of make (if it was installed setuid or setgid).
|
||||
We now want to set the effective user and group IDs to the real IDs,
|
||||
which are the IDs of the process that exec'd make. */
|
||||
|
||||
#ifdef HAVE_SETEUID
|
||||
|
||||
/* Modern systems have the seteuid/setegid calls which set only the
|
||||
effective IDs, which is ideal. */
|
||||
|
||||
if (seteuid (user_uid) < 0)
|
||||
pfatal_with_name ("user_access: seteuid");
|
||||
|
||||
#else /* Not HAVE_SETEUID. */
|
||||
|
||||
#ifndef HAVE_SETREUID
|
||||
|
||||
/* System V has only the setuid/setgid calls to set user/group IDs.
|
||||
There is an effective ID, which can be set by setuid/setgid.
|
||||
It can be set (unless you are root) only to either what it already is
|
||||
(returned by geteuid/getegid, now in make_uid/make_gid),
|
||||
the real ID (return by getuid/getgid, now in user_uid/user_gid),
|
||||
or the saved set ID (what the effective ID was before this set-ID
|
||||
executable (make) was exec'd). */
|
||||
|
||||
if (setuid (user_uid) < 0)
|
||||
pfatal_with_name ("user_access: setuid");
|
||||
|
||||
#else /* HAVE_SETREUID. */
|
||||
|
||||
/* In 4BSD, the setreuid/setregid calls set both the real and effective IDs.
|
||||
They may be set to themselves or each other. So you have two alternatives
|
||||
at any one time. If you use setuid/setgid, the effective will be set to
|
||||
the real, leaving only one alternative. Using setreuid/setregid, however,
|
||||
you can toggle between your two alternatives by swapping the values in a
|
||||
single setreuid or setregid call. */
|
||||
|
||||
if (setreuid (make_uid, user_uid) < 0)
|
||||
pfatal_with_name ("user_access: setreuid");
|
||||
|
||||
#endif /* Not HAVE_SETREUID. */
|
||||
#endif /* HAVE_SETEUID. */
|
||||
|
||||
#ifdef HAVE_SETEGID
|
||||
if (setegid (user_gid) < 0)
|
||||
pfatal_with_name ("user_access: setegid");
|
||||
#else
|
||||
#ifndef HAVE_SETREGID
|
||||
if (setgid (user_gid) < 0)
|
||||
pfatal_with_name ("user_access: setgid");
|
||||
#else
|
||||
if (setregid (make_gid, user_gid) < 0)
|
||||
pfatal_with_name ("user_access: setregid");
|
||||
#endif
|
||||
#endif
|
||||
|
||||
current_access = user;
|
||||
|
||||
log_access (_("User access"));
|
||||
|
||||
#endif /* GETLOADAVG_PRIVILEGED */
|
||||
}
|
||||
|
||||
/* Give the process appropriate permissions for access to
|
||||
make data (i.e., the load average). */
|
||||
void
|
||||
make_access (void)
|
||||
{
|
||||
#ifdef GETLOADAVG_PRIVILEGED
|
||||
|
||||
if (!access_inited)
|
||||
init_access ();
|
||||
|
||||
if (current_access == make)
|
||||
return;
|
||||
|
||||
/* See comments in user_access, above. */
|
||||
|
||||
#ifdef HAVE_SETEUID
|
||||
if (seteuid (make_uid) < 0)
|
||||
pfatal_with_name ("make_access: seteuid");
|
||||
#else
|
||||
#ifndef HAVE_SETREUID
|
||||
if (setuid (make_uid) < 0)
|
||||
pfatal_with_name ("make_access: setuid");
|
||||
#else
|
||||
if (setreuid (user_uid, make_uid) < 0)
|
||||
pfatal_with_name ("make_access: setreuid");
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SETEGID
|
||||
if (setegid (make_gid) < 0)
|
||||
pfatal_with_name ("make_access: setegid");
|
||||
#else
|
||||
#ifndef HAVE_SETREGID
|
||||
if (setgid (make_gid) < 0)
|
||||
pfatal_with_name ("make_access: setgid");
|
||||
#else
|
||||
if (setregid (user_gid, make_gid) < 0)
|
||||
pfatal_with_name ("make_access: setregid");
|
||||
#endif
|
||||
#endif
|
||||
|
||||
current_access = make;
|
||||
|
||||
log_access (_("Make access"));
|
||||
|
||||
#endif /* GETLOADAVG_PRIVILEGED */
|
||||
}
|
||||
|
||||
/* Give the process appropriate permissions for a child process.
|
||||
This is like user_access, but you can't get back to make_access. */
|
||||
void
|
||||
child_access (void)
|
||||
{
|
||||
#ifdef GETLOADAVG_PRIVILEGED
|
||||
|
||||
if (!access_inited)
|
||||
abort ();
|
||||
|
||||
/* Set both the real and effective UID and GID to the user's.
|
||||
They cannot be changed back to make's. */
|
||||
|
||||
#ifndef HAVE_SETREUID
|
||||
if (setuid (user_uid) < 0)
|
||||
pfatal_with_name ("child_access: setuid");
|
||||
#else
|
||||
if (setreuid (user_uid, user_uid) < 0)
|
||||
pfatal_with_name ("child_access: setreuid");
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_SETREGID
|
||||
if (setgid (user_gid) < 0)
|
||||
pfatal_with_name ("child_access: setgid");
|
||||
#else
|
||||
if (setregid (user_gid, user_gid) < 0)
|
||||
pfatal_with_name ("child_access: setregid");
|
||||
#endif
|
||||
|
||||
log_access (_("Child access"));
|
||||
|
||||
#endif /* GETLOADAVG_PRIVILEGED */
|
||||
}
|
||||
|
||||
#ifdef NEED_GET_PATH_MAX
|
||||
unsigned int
|
||||
|
|
|
@ -77,19 +77,12 @@ start_remote_job_p (int first_p)
|
|||
return 0;
|
||||
}
|
||||
|
||||
/* For secure Customs, make is installed setuid root and
|
||||
Customs requires a privileged source port be used. */
|
||||
make_access ();
|
||||
|
||||
if (ISDB (DB_JOBS))
|
||||
Rpc_Debug (1);
|
||||
|
||||
/* Ping the daemon once to see if it is there. */
|
||||
inited = Customs_Ping () == RPC_SUCCESS ? 1 : -1;
|
||||
|
||||
/* Return to normal user access. */
|
||||
user_access ();
|
||||
|
||||
if (starting_directory == 0)
|
||||
/* main couldn't figure it out. */
|
||||
inited = -1;
|
||||
|
@ -175,7 +168,7 @@ start_remote_job (char **argv, char **envp, int stdin_fd,
|
|||
len = Customs_MakeWayBill (&permit, normalized_cwd, argv[0], argv,
|
||||
envp, retport, waybill);
|
||||
|
||||
/* Modify the waybill as if the remote child had done 'child_access ()'. */
|
||||
/* Modify the waybill for the child's uid/gid. */
|
||||
{
|
||||
WayBill *wb = (WayBill *) waybill;
|
||||
wb->ruid = wb->euid;
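Review bot: The rewritten comment `/* Modify the waybill for the child's uid/gid. */` no longer says which identity `wb->ruid = wb->euid;` is meant to produce, and the calls that used to pin that identity are removed in this same commit. When GETLOADAVG_PRIVILEGED was defined, the removed `user_access ()` calls (in the first hunk here and in main) set the effective IDs back to the invoking user's; the waybill's euid is presumably taken from the process, so on a set-ID install this assignment would now copy the elevated ID, and the same applies to children started by exec_command in src/job.c, which lost `child_access ()`. The comment removed in the first hunk says secure Customs installs make setuid root, so I would spell the assumption out, e.g. `/* Assumes make is not installed set-ID: the child's real uid becomes our effective uid. */`. The braced block continues past the end of the hunk, so the gid handling is not visible here.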
|
||||
|
|