diff options
| author | Karel Zak | 2016-10-03 16:56:56 +0200 |
|---|---|---|
| committer | Karel Zak | 2016-10-03 16:56:56 +0200 |
| commit | 23f75093264aae5d58d61016cb1a29d8ebdfa157 (patch) | |
| tree | b07c014a35023889d0ec9bda40a3fe05ee402cc1 /login-utils | |
| parent | tests: add chrt vs. nice test (diff) | |
| download | kernel-qcow2-util-linux-23f75093264aae5d58d61016cb1a29d8ebdfa157.tar.gz kernel-qcow2-util-linux-23f75093264aae5d58d61016cb1a29d8ebdfa157.tar.xz kernel-qcow2-util-linux-23f75093264aae5d58d61016cb1a29d8ebdfa157.zip | |
Revert "su,runuser: add libseccomp based workaround for TIOCSTI ioctl"
This reverts commit 8e4925016875c6a4f2ab4f833ba66f0fc57396a2.
Stupid hack...
Diffstat (limited to 'login-utils')
| -rw-r--r-- | login-utils/Makemodule.am | 7 | ||||
| -rw-r--r-- | login-utils/su-common.c | 20 |
2 files changed, 3 insertions, 24 deletions
diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am index 12f27e12e..be07ace43 100644 --- a/login-utils/Makemodule.am +++ b/login-utils/Makemodule.am @@ -140,9 +140,9 @@ su_SOURCES = \ login-utils/su-common.h \ login-utils/logindefs.c \ login-utils/logindefs.h -su_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) $(SECCOMP_CFLAGS) +su_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) su_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS) -su_LDADD = $(LDADD) libcommon.la -lpam $(SECCOMP_LIBS) +su_LDADD = $(LDADD) libcommon.la -lpam if HAVE_LINUXPAM su_LDADD += -lpam_misc endif @@ -158,8 +158,7 @@ runuser_SOURCES = \ login-utils/su-common.h \ login-utils/logindefs.c \ login-utils/logindefs.h -runuser_LDADD = $(LDADD) libcommon.la -lpam $(SECCOMP_LIBS) -runuser_CFLAGS = $(AM_CFLAGS) $(SECCOMP_CFLAGS) +runuser_LDADD = $(LDADD) libcommon.la -lpam if HAVE_LINUXPAM runuser_LDADD += -lpam_misc endif diff --git a/login-utils/su-common.c b/login-utils/su-common.c index 5ab2a1ac0..ff20a2f47 100644 --- a/login-utils/su-common.c +++ b/login-utils/su-common.c @@ -59,9 +59,6 @@ enum #include <sys/wait.h> #include <syslog.h> #include <utmp.h> -#ifdef HAVE_LIBSECCOMP -# include <seccomp.h> -#endif #include "err.h" @@ -677,21 +674,6 @@ restricted_shell (const char *shell) return true; } -static void disable_tty_hijack(void) -{ -#ifdef HAVE_LIBSECCOMP - scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ALLOW); - if (!ctx) - err(EXIT_FAILURE, _("failed to initialize seccomp context")); - if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(ioctl), 1, - SCMP_A1(SCMP_CMP_EQ, (int)TIOCSTI)) < 0) - err(EXIT_FAILURE, _("failed to add seccomp rule")); - if (seccomp_load(ctx) < 0) - err(EXIT_FAILURE, _("failed to load seccomp rule")); - seccomp_release(ctx); -#endif /* HAVE_LIBSECCOMP */ -} - static void __attribute__((__noreturn__)) usage (int status) { @@ -988,8 +970,6 @@ su_main (int argc, char **argv, int mode) change_identity (pw); if (!same_session) setsid (); - else - disable_tty_hijack(); /* Set environment after pam_open_session, which may put KRB5CCNAME into the pam_env, etc. */ |