Security review: make privilege dropping-restoring optional.

This is/was necessary only on macOS, because you needed root in order
to read the process list. This was never necessary on Linux, and
it also raises security concerns, so now it needs to be enabled
explicitly at build time.

1 files changed, 9 insertions, 10 deletions

diff --git a/Settings.c b/Settings.c
index 0e296c10..6a7a9b0a 100644
--- a/Settings.c
+++ b/Settings.c
@@ -165,11 +165,10 @@ static void readFields(ProcessField* fields, int* flags, const char* line) {
 
 static bool Settings_read(Settings* this, const char* fileName) {
    FILE* fd;
-   uid_t euid = geteuid();
-
-   (void) seteuid(getuid());
+   
+   CRT_dropPrivileges();
    fd = fopen(fileName, "r");
-   (void) seteuid(euid);
+   CRT_restorePrivileges();
    if (!fd)
       return false;
    
@@ -278,11 +277,11 @@ static void writeMeterModes(Settings* this, FILE* fd, int column) {
 
 bool Settings_write(Settings* this) {
    FILE* fd;
-   uid_t euid = geteuid();
 
-   (void) seteuid(getuid());
+   CRT_dropPrivileges();
    fd = fopen(this->filename, "w");
-   (void) seteuid(euid);
+   CRT_restorePrivileges();
+
    if (fd == NULL) {
       return false;
    }
@@ -368,8 +367,8 @@ Settings* Settings_new(int cpuCount) {
          htopDir = String_cat(home, "/.config/htop");
       }
       legacyDotfile = String_cat(home, "/.htoprc");
-      uid_t euid = geteuid();
-      (void) seteuid(getuid());
+      
+      CRT_dropPrivileges();
       (void) mkdir(configDir, 0700);
       (void) mkdir(htopDir, 0700);
       free(htopDir);
@@ -382,7 +381,7 @@ Settings* Settings_new(int cpuCount) {
          free(legacyDotfile);
          legacyDotfile = NULL;
       }
-      (void) seteuid(euid);
+      CRT_restorePrivileges();
    }
    this->colorScheme = 0;
    this->changed = false;