getloadavg: Remove support for privileged invocation

This was needed when getloadavg required privileged access; in this
case GNU make needed to be installed as a setgid program.  But this
hasn't been supported by gnulib getloadavg() since 2011 and systems
are no longer using it, so remove it.

* src/makeint.h (user_access): Remove unnecessary function.
(make_access): Ditto.
(child_access): Ditto.
* src/misc.c: Remove implementations of the *_access() functions.
* src/main.c (main): Remove unneeded call to user_access().
* src/job.c (load_too_high): Remove calls to {make,user}_access().
(exec_command): Remove call to child_access().
* src/remote-cstms.c: Remove calls to these methods.  I suppose it
might be possible this is needed and was piggy-backing on the
privileged setting but since that's been broken for a while I doubt
this is needed.  If so we can bring back the implementation into
this source file.
* src/config.h.W32.template: Remove GETLOADAVG_PRIVILEGED undef.
* src/config.h-vms.template: Ditto.
* src/config.ami.template: Ditto.
Paul Smith 2022-07-04 17:30:42 -04:00
parent 3f3eecc115
commit 6f7e06ec4e
8 changed files with 1 additions and 278 deletions


@ -37,9 +37,6 @@ this program. If not, see <http://www.gnu.org/licenses/>. */
/* Define for DGUX with <sys/dg_sys_info.h>. */
/* #undef DGUX */
/* Define if the 'getloadavg' function needs to be run setuid or setgid. */
/* #undef GETLOADAVG_PRIVILEGED */
/* Define to 'unsigned long' or 'unsigned long long'
if <inttypes.h> doesn't define. */
#define uintmax_t unsigned long


@ -65,9 +65,6 @@ this program. If not, see <http://www.gnu.org/licenses/>. */
/* Define for DGUX with <sys/dg_sys_info.h>. */
/* #undef DGUX */
/* Define to 1 if the 'getloadavg' function needs to be run setuid or setgid. */
/* #undef GETLOADAVG_PRIVILEGED */
/* Define to 'unsigned long' or 'unsigned long long'
if <inttypes.h> doesn't define. */
#define uintmax_t unsigned long


@ -50,10 +50,6 @@ this program. If not, see <http://www.gnu.org/licenses/>. */
/* Use high resolution file timestamps if nonzero. */
#define FILE_TIMESTAMP_HI_RES 0
/* Define to 1 if the 'getloadavg' function needs to be run setuid or setgid.
*/
/* #undef GETLOADAVG_PRIVILEGED */
/* Define to 1 if you have 'alloca', as a function or macro. */
#define HAVE_ALLOCA 1


@ -2105,7 +2105,6 @@ load_too_high (void)
}
/* Find the real system load average. */
make_access ();
if (getloadavg (&load, 1) != 1)
{
static int lossage = -1;
@ -2122,7 +2121,6 @@ load_too_high (void)
lossage = errno;
load = 0;
}
user_access ();
/* If we're in a new second zero the counter and correct the backlog
value. Only keep the backlog for one extra second; after that it's 0. */
@ -2548,9 +2546,6 @@ exec_command (char **argv, char **envp)
pid_t pid = -1;
/* Be the user, permanently. */
child_access ();
# ifdef __EMX__
/* Run the program. */
pid = spawnvpe (P_NOWAIT, argv[0], argv, envp);


@ -1301,9 +1301,6 @@ main (int argc, char **argv, char **envp)
#endif
}
/* Set up to access user data (files). */
user_access ();
initialize_global_hash_tables ();
/* Figure out where we are. */


@ -596,10 +596,6 @@ int gpath_search (const char *file, size_t len);
void construct_include_path (const char **arg_dirs);
void user_access (void);
void make_access (void);
void child_access (void);
char *strip_whitespace (const char **begpp, const char **endpp);
void show_goal_error (void);


@ -608,254 +608,6 @@ strncasecmp (const char *s1, const char *s2, int n)
}
#endif
#ifdef GETLOADAVG_PRIVILEGED
#ifdef POSIX
/* Hopefully if a system says it's POSIX.1 and has the setuid and setgid
functions, they work as POSIX.1 says. Some systems (Alpha OSF/1 1.2,
for example) which claim to be POSIX.1 also have the BSD setreuid and
setregid functions, but they don't work as in BSD and only the POSIX.1
way works. */
#undef HAVE_SETREUID
#undef HAVE_SETREGID
#else /* Not POSIX. */
/* Some POSIX.1 systems have the seteuid and setegid functions. In a
POSIX-like system, they are the best thing to use. However, some
non-POSIX systems have them too but they do not work in the POSIX style
and we must use setreuid and setregid instead. */
#undef HAVE_SETEUID
#undef HAVE_SETEGID
#endif /* POSIX. */
#ifndef HAVE_UNISTD_H
extern int getuid (), getgid (), geteuid (), getegid ();
extern int setuid (), setgid ();
#ifdef HAVE_SETEUID
extern int seteuid ();
#else
#ifdef HAVE_SETREUID
extern int setreuid ();
#endif /* Have setreuid. */
#endif /* Have seteuid. */
#ifdef HAVE_SETEGID
extern int setegid ();
#else
#ifdef HAVE_SETREGID
extern int setregid ();
#endif /* Have setregid. */
#endif /* Have setegid. */
#endif /* No <unistd.h>. */
/* Keep track of the user and group IDs for user- and make- access. */
static int user_uid = -1, user_gid = -1, make_uid = -1, make_gid = -1;
#define access_inited (user_uid != -1)
static enum { make, user } current_access;
/* Under -d, write a message describing the current IDs. */
static void
log_access (const char *flavor)
{
if (! ISDB (DB_JOBS))
return;
/* All the other debugging messages go to stdout,
but we write this one to stderr because it might be
run in a child fork whose stdout is piped. */
fprintf (stderr, _("%s: user %lu (real %lu), group %lu (real %lu)\n"),
flavor, (unsigned long) geteuid (), (unsigned long) getuid (),
(unsigned long) getegid (), (unsigned long) getgid ());
fflush (stderr);
}
static void
init_access (void)
{
#ifndef VMS
user_uid = getuid ();
user_gid = getgid ();
make_uid = geteuid ();
make_gid = getegid ();
/* Do these ever fail? */
if (user_uid == -1 || user_gid == -1 || make_uid == -1 || make_gid == -1)
pfatal_with_name ("get{e}[gu]id");
log_access (_("Initialized access"));
current_access = make;
#endif
}
#endif /* GETLOADAVG_PRIVILEGED */
/* Give the process appropriate permissions for access to
user data (i.e., to stat files, or to spawn a child process). */
void
user_access (void)
{
#ifdef GETLOADAVG_PRIVILEGED
if (!access_inited)
init_access ();
if (current_access == user)
return;
/* We are in "make access" mode. This means that the effective user and
group IDs are those of make (if it was installed setuid or setgid).
We now want to set the effective user and group IDs to the real IDs,
which are the IDs of the process that exec'd make. */
#ifdef HAVE_SETEUID
/* Modern systems have the seteuid/setegid calls which set only the
effective IDs, which is ideal. */
if (seteuid (user_uid) < 0)
pfatal_with_name ("user_access: seteuid");
#else /* Not HAVE_SETEUID. */
#ifndef HAVE_SETREUID
/* System V has only the setuid/setgid calls to set user/group IDs.
There is an effective ID, which can be set by setuid/setgid.
It can be set (unless you are root) only to either what it already is
(returned by geteuid/getegid, now in make_uid/make_gid),
the real ID (return by getuid/getgid, now in user_uid/user_gid),
or the saved set ID (what the effective ID was before this set-ID
executable (make) was exec'd). */
if (setuid (user_uid) < 0)
pfatal_with_name ("user_access: setuid");
#else /* HAVE_SETREUID. */
/* In 4BSD, the setreuid/setregid calls set both the real and effective IDs.
They may be set to themselves or each other. So you have two alternatives
at any one time. If you use setuid/setgid, the effective will be set to
the real, leaving only one alternative. Using setreuid/setregid, however,
you can toggle between your two alternatives by swapping the values in a
single setreuid or setregid call. */
if (setreuid (make_uid, user_uid) < 0)
pfatal_with_name ("user_access: setreuid");
#endif /* Not HAVE_SETREUID. */
#endif /* HAVE_SETEUID. */
#ifdef HAVE_SETEGID
if (setegid (user_gid) < 0)
pfatal_with_name ("user_access: setegid");
#else
#ifndef HAVE_SETREGID
if (setgid (user_gid) < 0)
pfatal_with_name ("user_access: setgid");
#else
if (setregid (make_gid, user_gid) < 0)
pfatal_with_name ("user_access: setregid");
#endif
#endif
current_access = user;
log_access (_("User access"));
#endif /* GETLOADAVG_PRIVILEGED */
}
/* Give the process appropriate permissions for access to
make data (i.e., the load average). */
void
make_access (void)
{
#ifdef GETLOADAVG_PRIVILEGED
if (!access_inited)
init_access ();
if (current_access == make)
return;
/* See comments in user_access, above. */
#ifdef HAVE_SETEUID
if (seteuid (make_uid) < 0)
pfatal_with_name ("make_access: seteuid");
#else
#ifndef HAVE_SETREUID
if (setuid (make_uid) < 0)
pfatal_with_name ("make_access: setuid");
#else
if (setreuid (user_uid, make_uid) < 0)
pfatal_with_name ("make_access: setreuid");
#endif
#endif
#ifdef HAVE_SETEGID
if (setegid (make_gid) < 0)
pfatal_with_name ("make_access: setegid");
#else
#ifndef HAVE_SETREGID
if (setgid (make_gid) < 0)
pfatal_with_name ("make_access: setgid");
#else
if (setregid (user_gid, make_gid) < 0)
pfatal_with_name ("make_access: setregid");
#endif
#endif
current_access = make;
log_access (_("Make access"));
#endif /* GETLOADAVG_PRIVILEGED */
}
/* Give the process appropriate permissions for a child process.
This is like user_access, but you can't get back to make_access. */
void
child_access (void)
{
#ifdef GETLOADAVG_PRIVILEGED
if (!access_inited)
abort ();
/* Set both the real and effective UID and GID to the user's.
They cannot be changed back to make's. */
#ifndef HAVE_SETREUID
if (setuid (user_uid) < 0)
pfatal_with_name ("child_access: setuid");
#else
if (setreuid (user_uid, user_uid) < 0)
pfatal_with_name ("child_access: setreuid");
#endif
#ifndef HAVE_SETREGID
if (setgid (user_gid) < 0)
pfatal_with_name ("child_access: setgid");
#else
if (setregid (user_gid, user_gid) < 0)
pfatal_with_name ("child_access: setregid");
#endif
log_access (_("Child access"));
#endif /* GETLOADAVG_PRIVILEGED */
}
#ifdef NEED_GET_PATH_MAX
unsigned int


@ -77,19 +77,12 @@ start_remote_job_p (int first_p)
return 0;
}
/* For secure Customs, make is installed setuid root and
Customs requires a privileged source port be used. */
make_access ();
if (ISDB (DB_JOBS))
Rpc_Debug (1);
/* Ping the daemon once to see if it is there. */
inited = Customs_Ping () == RPC_SUCCESS ? 1 : -1;
/* Return to normal user access. */
user_access ();
if (starting_directory == 0)
/* main couldn't figure it out. */
inited = -1;
@ -175,7 +168,7 @@ start_remote_job (char **argv, char **envp, int stdin_fd,
len = Customs_MakeWayBill (&permit, normalized_cwd, argv[0], argv,
envp, retport, waybill);
/* Modify the waybill as if the remote child had done 'child_access ()'. */
/* Modify the waybill for the child's uid/gid. */
{
WayBill *wb = (WayBill *) waybill;
wb->ruid = wb->euid;
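Review bot: The rewritten comment in start_remote_job says the waybill is modified "for the child's uid/gid", but `wb->ruid = wb->euid;` only produces the invoking user's IDs if the effective IDs in the waybill are already the user's, which the removed user_access() calls used to arrange (how Customs_MakeWayBill fills euid is not visible here, so this is inferred). With the switching gone, that holds only when make is not installed setuid/setgid, and the same assumption now covers exec_command in src/job.c, where child_access() was dropped. I would state it at this spot, e.g. `/* Copy the effective IDs into the real IDs; assumes make is not installed setuid/setgid, so these are the invoking user's. */`, and note in the install documentation that a set-ID installation is not supported. The block continues past the end of the hunk.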