5 files changed, 7 insertions, 63 deletions

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e468efa1..2c80da90 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -63,11 +63,11 @@ jobs:
     - name: Bootstrap
       run: ./autogen.sh
     - name: Configure
-      run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities
+      run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities
     - name: Build
       run: make -k
     - name: Distcheck
-      run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities'
+      run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities'
 
   build-ubuntu-latest-full-featured-clang:
     runs-on: ubuntu-latest
@@ -85,11 +85,11 @@ jobs:
     - name: Bootstrap
       run: ./autogen.sh
     - name: Configure
-      run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities
+      run: ./configure --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities
     - name: Build
       run: make -k
     - name: Distcheck
-      run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities'
+      run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities'
 
   build-ubuntu-latest-gcc-static:
     runs-on: ubuntu-latest
@@ -104,11 +104,11 @@ jobs:
     - name: Bootstrap
       run: ./autogen.sh
     - name: Configure
-      run: ./configure --enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --enable-setuid --disable-delayacct --enable-sensors --enable-capabilities
+      run: ./configure --enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --disable-delayacct --enable-sensors --enable-capabilities
     - name: Build
       run: make -k
     - name: Distcheck
-      run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --enable-setuid --disable-delayacct --enable-sensors --enable-capabilities'
+      run: make distcheck DISTCHECK_CONFIGURE_FLAGS='--enable-static --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --disable-hwloc --disable-delayacct --enable-sensors --enable-capabilities'
 
   build-ubuntu-latest-clang-analyzer:
     runs-on: ubuntu-latest
@@ -126,7 +126,7 @@ jobs:
     - name: Bootstrap
       run: ./autogen.sh
     - name: Configure
-      run: scan-build-11 -analyze-headers --status-bugs ./configure --enable-debug --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-setuid --enable-delayacct --enable-sensors --enable-capabilities
+      run: scan-build-11 -analyze-headers --status-bugs ./configure --enable-debug --enable-werror --enable-openvz --enable-vserver --enable-ancient-vserver --enable-unicode --enable-hwloc --enable-delayacct --enable-sensors --enable-capabilities
     - name: Build
       run: scan-build-11 -analyze-headers --status-bugs make -j"$(nproc)"
 
diff --git a/CRT.c b/CRT.c
index 7e651c3b..aa115abe 100644
--- a/CRT.c
+++ b/CRT.c
@@ -658,37 +658,6 @@ static void CRT_handleSIGTERM(int sgn) {
    _exit(0);
 }
 
-#ifdef HAVE_SETUID_ENABLED
-
-static int CRT_euid = -1;
-
-static int CRT_egid = -1;
-
-void CRT_dropPrivileges() {
-   CRT_egid = getegid();
-   CRT_euid = geteuid();
-   if (setegid(getgid()) == -1) {
-      CRT_fatalError("Fatal error: failed dropping group privileges");
-   }
-   if (seteuid(getuid()) == -1) {
-      CRT_fatalError("Fatal error: failed dropping user privileges");
-   }
-}
-
-void CRT_restorePrivileges() {
-   if (CRT_egid == -1 || CRT_euid == -1) {
-      CRT_fatalError("Fatal error: internal inconsistency");
-   }
-   if (setegid(CRT_egid) == -1) {
-      CRT_fatalError("Fatal error: failed restoring group privileges");
-   }
-   if (seteuid(CRT_euid) == -1) {
-      CRT_fatalError("Fatal error: failed restoring user privileges");
-   }
-}
-
-#endif /* HAVE_SETUID_ENABLED */
-
 #ifndef NDEBUG
 
 static int stderrRedirectNewFd = -1;
diff --git a/CRT.h b/CRT.h
index e77ec3dc..ddd00169 100644
--- a/CRT.h
+++ b/CRT.h
@@ -160,20 +160,9 @@ extern int CRT_scrollWheelVAmount;
 
 extern ColorScheme CRT_colorScheme;
 
-#ifdef HAVE_SETUID_ENABLED
-
-void CRT_dropPrivileges(void);
-
-void CRT_restorePrivileges(void);
-
-#else /* HAVE_SETUID_ENABLED */
-
-/* Turn setuid operations into NOPs */
 static inline void CRT_dropPrivileges(void) { }
 static inline void CRT_restorePrivileges(void) { }
 
-#endif /* HAVE_SETUID_ENABLED */
-
 void CRT_init(const Settings* settings, bool allowUnicode);
 
 void CRT_done(void);
diff --git a/README b/README
index 09ec9347..a9cb1dfb 100644
--- a/README
+++ b/README
@@ -58,9 +58,6 @@ By default `make install` will install into `/usr/local`, for changing the path
     enable hwloc support for CPU affinity; disables Linux affinity
     dependency: *libhwloc*
     default: *no*
-  * `--enable-setuid`:
-    enable setuid support for privilege dropping
-    default: *no*
   * `--enable-static`:
     build a static htop binary; hwloc and delay accounting are not supported
     default: *no*
diff --git a/configure.ac b/configure.ac
index b2e3fefb..ee7e8ee5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -316,16 +316,6 @@ case "$enable_hwloc" in
       ;;
 esac
 
-
-AC_ARG_ENABLE([setuid],
-              [AS_HELP_STRING([--enable-setuid],
-                              [enable setuid support for privilege dropping @<:@default=no@:>@])],
-              [],
-              [enable_setuid=no])
-if test "x$enable_setuid" = xyes; then
-   AC_DEFINE([HAVE_SETUID_ENABLED], [1], [Define if setuid support should be enabled.])
-fi
-
 # ----------------------------------------------------------------------
 
 
@@ -628,7 +618,6 @@ AC_MSG_RESULT([
   (Linux) capabilities:      $enable_capabilities
   unicode:                   $enable_unicode
   hwloc:                     $enable_hwloc
-  setuid:                    $enable_setuid
   debug:                     $enable_debug
   static:                    $enable_static
 ])