getloadavg: Remove support for privileged invocation

This was needed when getloadavg required privileged access; in this
case GNU make needed to be installed as a setgid program.  But this
hasn't been supported by gnulib getloadavg() since 2011 and systems
are no longer using it, so remove it.

* src/makeint.h (user_access): Remove unnecessary function.
(make_access): Ditto.
(child_access): Ditto.
* src/misc.c: Remove implementations of the *_access() functions.
* src/main.c (main): Remove unneeded call to user_access().
* src/job.c (load_too_high): Remove calls to {make,user}_access().
(exec_command): Remove call to child_access().
* src/remote-cstms.c: Remove calls to these methods.  I suppose it
might be possible this is needed and was piggy-backing on the
privileged setting but since that's been broken for a while I doubt
this is needed.  If so we can bring back the implementation into
this source file.
* src/config.h.W32.template: Remove GETLOADAVG_PRIVILEGED undef.
* src/config.h-vms.template: Ditto.
* src/config.ami.template: Ditto.

8 files changed, 1 insertions, 278 deletions

diff --git a/src/config.ami.template b/src/config.ami.template
index 0e837318..e3025261 100644
--- a/src/config.ami.template
+++ b/src/config.ami.template
@@ -37,9 +37,6 @@ this program.  If not, see <http://www.gnu.org/licenses/>.  */
 /* Define for DGUX with <sys/dg_sys_info.h>.  */
 /* #undef DGUX */
 
-/* Define if the 'getloadavg' function needs to be run setuid or setgid.  */
-/* #undef GETLOADAVG_PRIVILEGED */
-
 /* Define to 'unsigned long' or 'unsigned long long'
    if <inttypes.h> doesn't define.  */
 #define uintmax_t unsigned long
diff --git a/src/config.h-vms.template b/src/config.h-vms.template
index 00dc5218..f4fd9296 100644
--- a/src/config.h-vms.template
+++ b/src/config.h-vms.template
@@ -65,9 +65,6 @@ this program.  If not, see <http://www.gnu.org/licenses/>.  */
 /* Define for DGUX with <sys/dg_sys_info.h>.  */
 /* #undef DGUX */
 
-/* Define to 1 if the 'getloadavg' function needs to be run setuid or setgid.  */
-/* #undef GETLOADAVG_PRIVILEGED */
-
 /* Define to 'unsigned long' or 'unsigned long long'
    if <inttypes.h> doesn't define.  */
 #define uintmax_t unsigned long
diff --git a/src/config.h.W32.template b/src/config.h.W32.template
index bb1bffa9..d47d1efb 100644
--- a/src/config.h.W32.template
+++ b/src/config.h.W32.template
@@ -50,10 +50,6 @@ this program.  If not, see <http://www.gnu.org/licenses/>.  */
 /* Use high resolution file timestamps if nonzero. */
 #define FILE_TIMESTAMP_HI_RES 0
 
-/* Define to 1 if the 'getloadavg' function needs to be run setuid or setgid.
-   */
-/* #undef GETLOADAVG_PRIVILEGED */
-
 /* Define to 1 if you have 'alloca', as a function or macro. */
 #define HAVE_ALLOCA 1
 
diff --git a/src/job.c b/src/job.c
index 8e61c066..0c9054bd 100644
--- a/src/job.c
+++ b/src/job.c
@@ -2105,7 +2105,6 @@ load_too_high (void)
     }
 
   /* Find the real system load average.  */
-  make_access ();
   if (getloadavg (&load, 1) != 1)
     {
       static int lossage = -1;
@@ -2122,7 +2121,6 @@ load_too_high (void)
       lossage = errno;
       load = 0;
     }
-  user_access ();
 
   /* If we're in a new second zero the counter and correct the backlog
      value.  Only keep the backlog for one extra second; after that it's 0.  */
@@ -2548,9 +2546,6 @@ exec_command (char **argv, char **envp)
 
   pid_t pid = -1;
 
-  /* Be the user, permanently.  */
-  child_access ();
-
 # ifdef __EMX__
   /* Run the program.  */
   pid = spawnvpe (P_NOWAIT, argv[0], argv, envp);
diff --git a/src/main.c b/src/main.c
index 5d8792b0..a999ee89 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1301,9 +1301,6 @@ main (int argc, char **argv, char **envp)
 #endif
     }
 
-  /* Set up to access user data (files).  */
-  user_access ();
-
   initialize_global_hash_tables ();
 
   /* Figure out where we are.  */
diff --git a/src/makeint.h b/src/makeint.h
index c37b1a0d..d117240b 100644
--- a/src/makeint.h
+++ b/src/makeint.h
@@ -596,10 +596,6 @@ int gpath_search (const char *file, size_t len);
 
 void construct_include_path (const char **arg_dirs);
 
-void user_access (void);
-void make_access (void);
-void child_access (void);
-
 char *strip_whitespace (const char **begpp, const char **endpp);
 
 void show_goal_error (void);
diff --git a/src/misc.c b/src/misc.c
index 25700dc5..eed1693b 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -608,254 +608,6 @@ strncasecmp (const char *s1, const char *s2, int n)
 }
 #endif
 
-#ifdef  GETLOADAVG_PRIVILEGED
-
-#ifdef POSIX
-
-/* Hopefully if a system says it's POSIX.1 and has the setuid and setgid
-   functions, they work as POSIX.1 says.  Some systems (Alpha OSF/1 1.2,
-   for example) which claim to be POSIX.1 also have the BSD setreuid and
-   setregid functions, but they don't work as in BSD and only the POSIX.1
-   way works.  */
-
-#undef HAVE_SETREUID
-#undef HAVE_SETREGID
-
-#else   /* Not POSIX.  */
-
-/* Some POSIX.1 systems have the seteuid and setegid functions.  In a
-   POSIX-like system, they are the best thing to use.  However, some
-   non-POSIX systems have them too but they do not work in the POSIX style
-   and we must use setreuid and setregid instead.  */
-
-#undef HAVE_SETEUID
-#undef HAVE_SETEGID
-
-#endif  /* POSIX.  */
-
-#ifndef HAVE_UNISTD_H
-extern int getuid (), getgid (), geteuid (), getegid ();
-extern int setuid (), setgid ();
-#ifdef HAVE_SETEUID
-extern int seteuid ();
-#else
-#ifdef  HAVE_SETREUID
-extern int setreuid ();
-#endif  /* Have setreuid.  */
-#endif  /* Have seteuid.  */
-#ifdef HAVE_SETEGID
-extern int setegid ();
-#else
-#ifdef  HAVE_SETREGID
-extern int setregid ();
-#endif  /* Have setregid.  */
-#endif  /* Have setegid.  */
-#endif  /* No <unistd.h>.  */
-
-/* Keep track of the user and group IDs for user- and make- access.  */
-static int user_uid = -1, user_gid = -1, make_uid = -1, make_gid = -1;
-#define access_inited   (user_uid != -1)
-static enum { make, user } current_access;
-
-
-/* Under -d, write a message describing the current IDs.  */
-
-static void
-log_access (const char *flavor)
-{
-  if (! ISDB (DB_JOBS))
-    return;
-
-  /* All the other debugging messages go to stdout,
-     but we write this one to stderr because it might be
-     run in a child fork whose stdout is piped.  */
-
-  fprintf (stderr, _("%s: user %lu (real %lu), group %lu (real %lu)\n"),
-           flavor, (unsigned long) geteuid (), (unsigned long) getuid (),
-           (unsigned long) getegid (), (unsigned long) getgid ());
-  fflush (stderr);
-}
-
-
-static void
-init_access (void)
-{
-#ifndef VMS
-  user_uid = getuid ();
-  user_gid = getgid ();
-
-  make_uid = geteuid ();
-  make_gid = getegid ();
-
-  /* Do these ever fail?  */
-  if (user_uid == -1 || user_gid == -1 || make_uid == -1 || make_gid == -1)
-    pfatal_with_name ("get{e}[gu]id");
-
-  log_access (_("Initialized access"));
-
-  current_access = make;
-#endif
-}
-
-#endif  /* GETLOADAVG_PRIVILEGED */
-
-/* Give the process appropriate permissions for access to
-   user data (i.e., to stat files, or to spawn a child process).  */
-void
-user_access (void)
-{
-#ifdef  GETLOADAVG_PRIVILEGED
-
-  if (!access_inited)
-    init_access ();
-
-  if (current_access == user)
-    return;
-
-  /* We are in "make access" mode.  This means that the effective user and
-     group IDs are those of make (if it was installed setuid or setgid).
-     We now want to set the effective user and group IDs to the real IDs,
-     which are the IDs of the process that exec'd make.  */
-
-#ifdef  HAVE_SETEUID
-
-  /* Modern systems have the seteuid/setegid calls which set only the
-     effective IDs, which is ideal.  */
-
-  if (seteuid (user_uid) < 0)
-    pfatal_with_name ("user_access: seteuid");
-
-#else   /* Not HAVE_SETEUID.  */
-
-#ifndef HAVE_SETREUID
-
-  /* System V has only the setuid/setgid calls to set user/group IDs.
-     There is an effective ID, which can be set by setuid/setgid.
-     It can be set (unless you are root) only to either what it already is
-     (returned by geteuid/getegid, now in make_uid/make_gid),
-     the real ID (return by getuid/getgid, now in user_uid/user_gid),
-     or the saved set ID (what the effective ID was before this set-ID
-     executable (make) was exec'd).  */
-
-  if (setuid (user_uid) < 0)
-    pfatal_with_name ("user_access: setuid");
-
-#else   /* HAVE_SETREUID.  */
-
-  /* In 4BSD, the setreuid/setregid calls set both the real and effective IDs.
-     They may be set to themselves or each other.  So you have two alternatives
-     at any one time.  If you use setuid/setgid, the effective will be set to
-     the real, leaving only one alternative.  Using setreuid/setregid, however,
-     you can toggle between your two alternatives by swapping the values in a
-     single setreuid or setregid call.  */
-
-  if (setreuid (make_uid, user_uid) < 0)
-    pfatal_with_name ("user_access: setreuid");
-
-#endif  /* Not HAVE_SETREUID.  */
-#endif  /* HAVE_SETEUID.  */
-
-#ifdef  HAVE_SETEGID
-  if (setegid (user_gid) < 0)
-    pfatal_with_name ("user_access: setegid");
-#else
-#ifndef HAVE_SETREGID
-  if (setgid (user_gid) < 0)
-    pfatal_with_name ("user_access: setgid");
-#else
-  if (setregid (make_gid, user_gid) < 0)
-    pfatal_with_name ("user_access: setregid");
-#endif
-#endif
-
-  current_access = user;
-
-  log_access (_("User access"));
-
-#endif  /* GETLOADAVG_PRIVILEGED */
-}
-
-/* Give the process appropriate permissions for access to
-   make data (i.e., the load average).  */
-void
-make_access (void)
-{
-#ifdef  GETLOADAVG_PRIVILEGED
-
-  if (!access_inited)
-    init_access ();
-
-  if (current_access == make)
-    return;
-
-  /* See comments in user_access, above.  */
-
-#ifdef  HAVE_SETEUID
-  if (seteuid (make_uid) < 0)
-    pfatal_with_name ("make_access: seteuid");
-#else
-#ifndef HAVE_SETREUID
-  if (setuid (make_uid) < 0)
-    pfatal_with_name ("make_access: setuid");
-#else
-  if (setreuid (user_uid, make_uid) < 0)
-    pfatal_with_name ("make_access: setreuid");
-#endif
-#endif
-
-#ifdef  HAVE_SETEGID
-  if (setegid (make_gid) < 0)
-    pfatal_with_name ("make_access: setegid");
-#else
-#ifndef HAVE_SETREGID
-  if (setgid (make_gid) < 0)
-    pfatal_with_name ("make_access: setgid");
-#else
-  if (setregid (user_gid, make_gid) < 0)
-    pfatal_with_name ("make_access: setregid");
-#endif
-#endif
-
-  current_access = make;
-
-  log_access (_("Make access"));
-
-#endif  /* GETLOADAVG_PRIVILEGED */
-}
-
-/* Give the process appropriate permissions for a child process.
-   This is like user_access, but you can't get back to make_access.  */
-void
-child_access (void)
-{
-#ifdef  GETLOADAVG_PRIVILEGED
-
-  if (!access_inited)
-    abort ();
-
-  /* Set both the real and effective UID and GID to the user's.
-     They cannot be changed back to make's.  */
-
-#ifndef HAVE_SETREUID
-  if (setuid (user_uid) < 0)
-    pfatal_with_name ("child_access: setuid");
-#else
-  if (setreuid (user_uid, user_uid) < 0)
-    pfatal_with_name ("child_access: setreuid");
-#endif
-
-#ifndef HAVE_SETREGID
-  if (setgid (user_gid) < 0)
-    pfatal_with_name ("child_access: setgid");
-#else
-  if (setregid (user_gid, user_gid) < 0)
-    pfatal_with_name ("child_access: setregid");
-#endif
-
-  log_access (_("Child access"));
-
-#endif  /* GETLOADAVG_PRIVILEGED */
-}
 
 #ifdef NEED_GET_PATH_MAX
 unsigned int
diff --git a/src/remote-cstms.c b/src/remote-cstms.c
index 49cea18b..ffbfa067 100644
--- a/src/remote-cstms.c
+++ b/src/remote-cstms.c
@@ -77,19 +77,12 @@ start_remote_job_p (int first_p)
           return 0;
         }
 
-      /* For secure Customs, make is installed setuid root and
-         Customs requires a privileged source port be used.  */
-      make_access ();
-
       if (ISDB (DB_JOBS))
         Rpc_Debug (1);
 
       /* Ping the daemon once to see if it is there.  */
       inited = Customs_Ping () == RPC_SUCCESS ? 1 : -1;
 
-      /* Return to normal user access.  */
-      user_access ();
-
       if (starting_directory == 0)
         /* main couldn't figure it out.  */
         inited = -1;
@@ -175,7 +168,7 @@ start_remote_job (char **argv, char **envp, int stdin_fd,
   len = Customs_MakeWayBill (&permit, normalized_cwd, argv[0], argv,
                              envp, retport, waybill);
 
-  /* Modify the waybill as if the remote child had done 'child_access ()'.  */
+  /* Modify the waybill for the child's uid/gid.  */
   {
     WayBill *wb = (WayBill *) waybill;
     wb->ruid = wb->euid;