])
AM_CONDITIONAL([HAVE_USER], [test "x$have_user" = xyes])
-
-AC_ARG_WITH([libseccomp], AS_HELP_STRING([--without-seccomp], [compile without libseccomp]),
- [], [with_seccomp=check]
-)
-have_seccomp=no
-AS_IF([test "x$with_seccomp" != xno], [
- PKG_CHECK_MODULES(SECCOMP,[libseccomp], [have_seccomp=yes], [have_seccomp=no])
- AS_CASE([$with_seccomp:$have_seccomp],
- [yes:no],
- [AC_MSG_ERROR([seccomp selected but libseccomp not found])],
- [*:yes],
- [AC_DEFINE([HAVE_LIBSECCOMP], [1], [Define if libseccomp is available])]
- )
-])
-
-
AC_ARG_ENABLE([chfn-chsh-password],
AS_HELP_STRING([--disable-chfn-chsh-password], [do not require the user to enter the password in chfn and chsh]),
[], [enable_chfn_chsh_password=yes]
login-utils/su-common.h \
login-utils/logindefs.c \
login-utils/logindefs.h
-su_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) $(SECCOMP_CFLAGS)
+su_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS)
su_LDFLAGS = $(SUID_LDFLAGS) $(AM_LDFLAGS)
-su_LDADD = $(LDADD) libcommon.la -lpam $(SECCOMP_LIBS)
+su_LDADD = $(LDADD) libcommon.la -lpam
if HAVE_LINUXPAM
su_LDADD += -lpam_misc
endif
login-utils/su-common.h \
login-utils/logindefs.c \
login-utils/logindefs.h
-runuser_LDADD = $(LDADD) libcommon.la -lpam $(SECCOMP_LIBS)
-runuser_CFLAGS = $(AM_CFLAGS) $(SECCOMP_CFLAGS)
+runuser_LDADD = $(LDADD) libcommon.la -lpam
if HAVE_LINUXPAM
runuser_LDADD += -lpam_misc
endif
#include <sys/wait.h>
#include <syslog.h>
#include <utmp.h>
-#ifdef HAVE_LIBSECCOMP
-# include <seccomp.h>
-#endif
#include "err.h"
return true;
}
-static void disable_tty_hijack(void)
-{
-#ifdef HAVE_LIBSECCOMP
- scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_ALLOW);
- if (!ctx)
- err(EXIT_FAILURE, _("failed to initialize seccomp context"));
- if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(ioctl), 1,
- SCMP_A1(SCMP_CMP_EQ, (int)TIOCSTI)) < 0)
- err(EXIT_FAILURE, _("failed to add seccomp rule"));
- if (seccomp_load(ctx) < 0)
- err(EXIT_FAILURE, _("failed to load seccomp rule"));
- seccomp_release(ctx);
-#endif /* HAVE_LIBSECCOMP */
-}
-
static void __attribute__((__noreturn__))
usage (int status)
{
change_identity (pw);
if (!same_session)
setsid ();
- else
- disable_tty_hijack();
/* Set environment after pam_open_session, which may put KRB5CCNAME
into the pam_env, etc. */
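Review bot: Once the `else disable_tty_hijack();` branch is removed, the path where `same_session` is set skips `setsid()` and nothing rejects `ioctl(TIOCSTI)` any more; the deleted filter returned EPERM for exactly that call. The child presumably keeps the caller's controlling terminal on this path, so it could push input into the invoking user's session. If the seccomp filter has to go, the commit should say what covers this case instead, and the `if (!same_session)` line should carry a comment such as `/* same session: child shares our tty; TIOCSTI is not filtered here */`. The same removal runs through the earlier hunks (the libseccomp configure check, the `$(SECCOMP_CFLAGS)`/`$(SECCOMP_LIBS)` build flags for su and runuser, the `<seccomp.h>` include and the `disable_tty_hijack()` definition). The enclosing function starts and ends outside this hunk.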