diff options
author | Karel Zak <kzak@redhat.com> | 2016-10-03 16:56:56 +0200 |
---|---|---|
committer | Karel Zak <kzak@redhat.com> | 2016-10-03 16:56:56 +0200 |
commit | 23f75093264aae5d58d61016cb1a29d8ebdfa157 (patch) | |
tree | b07c014a35023889d0ec9bda40a3fe05ee402cc1 | |
parent | 8b641fd6a220fd76a6c25b100d1ba43c6052efe2 (diff) | |
download | util-linux-23f75093264aae5d58d61016cb1a29d8ebdfa157.tar.gz |
Revert "su,runuser: add libseccomp based workaround for TIOCSTI ioctl"
This reverts commit 8e4925016875c6a4f2ab4f833ba66f0fc57396a2.
Stupid hack...
-rw-r--r-- | configure.ac | 16 | ||||
-rw-r--r-- | login-utils/Makemodule.am | 7 | ||||
-rw-r--r-- | login-utils/su-common.c | 20 |
3 files changed, 3 insertions, 40 deletions
diff --git a/configure.ac b/configure.ac index 64887ac1ec..39600bcd1f 100644 --- a/configure.ac +++ b/configure.ac @@ -1691,22 +1691,6 @@ AS_IF([test "x$with_user" != xno], [ ]) AM_CONDITIONAL([HAVE_USER], [test "x$have_user" = xyes]) - -AC_ARG_WITH([libseccomp], AS_HELP_STRING([--without-seccomp], [compile without libseccomp]), - [], [with_seccomp=check] -) -have_seccomp=no -AS_IF([test "x$with_seccomp" != xno], [ - PKG_CHECK_MODULES(SECCOMP,[libseccomp], [have_seccomp=yes], [have_seccomp=no]) - AS_CASE([$with_seccomp:$have_seccomp], - [yes:no], - [AC_MSG_ERROR([seccomp selected but libseccomp not found])], - [*:yes], - [AC_DEFINE([HAVE_LIBSECCOMP], [1], [Define if libseccomp is available])] - ) -]) - - AC_ARG_ENABLE([chfn-chsh-password], AS_HELP_STRING([--disable-chfn-chsh-password], [do not require the user to enter the password in chfn and chsh]), [], [enable_chfn_chsh_password=yes] diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am index 12f27e12e4..be07ace43f 100644 --- a/login-utils/Makemodule.am +++ b/login-utils/Makemodule.am @@ -140,9 +140,9 @@ su_SOURCES = \ login-utils/su-common.h \ login-utils/logindefs.c \ login-utils/logindefs.h -su_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) $(SECCOMP_CFLAGS) +su_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) su_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS) -su_LDADD = $(LDADD) libcommon.la -lpam $(SECCOMP_LIBS) +su_LDADD = $(LDADD) libcommon.la -lpam if HAVE_LINUXPAM su_LDADD += -lpam_misc endif @@ -158,8 +158,7 @@ runuser_SOURCES = \ login-utils/su-common.h \ login-utils/logindefs.c \ login-utils/logindefs.h -runuser_LDADD = $(LDADD) libcommon.la -lpam $(SECCOMP_LIBS) -runuser_CFLAGS = $(AM_CFLAGS) $(SECCOMP_CFLAGS) +runuser_LDADD = $(LDADD) libcommon.la -lpam if HAVE_LINUXPAM runuser_LDADD += -lpam_misc endif diff --git a/login-utils/su-common.c b/login-utils/su-common.c index 5ab2a1ac03..ff20a2f478 100644 --- a/login-utils/su-common.c +++ b/login-utils/su-common.c @@ -59,9 +59,6 @@ enum #include <sys/wait.h> #include <syslog.h> #include <utmp.h> -#ifdef HAVE_LIBSECCOMP -# include <seccomp.h> -#endif #include "err.h" @@ -677,21 +674,6 @@ restricted_shell (const char *shell) return true; } -static void disable_tty_hijack(void) -{ -#ifdef HAVE_LIBSECCOMP - scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ALLOW); - if (!ctx) - err(EXIT_FAILURE, _("failed to initialize seccomp context")); - if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(ioctl), 1, - SCMP_A1(SCMP_CMP_EQ, (int)TIOCSTI)) < 0) - err(EXIT_FAILURE, _("failed to add seccomp rule")); - if (seccomp_load(ctx) < 0) - err(EXIT_FAILURE, _("failed to load seccomp rule")); - seccomp_release(ctx); -#endif /* HAVE_LIBSECCOMP */ -} - static void __attribute__((__noreturn__)) usage (int status) { @@ -988,8 +970,6 @@ su_main (int argc, char **argv, int mode) change_identity (pw); if (!same_session) setsid (); - else - disable_tty_hijack(); /* Set environment after pam_open_session, which may put KRB5CCNAME into the pam_env, etc. */ |