summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xconfigure47
-rw-r--r--configure.ac45
-rw-r--r--src/common/core.c65
3 files changed, 152 insertions, 5 deletions
diff --git a/configure b/configure
index 88950feb3..053dc0df2 100755
--- a/configure
+++ b/configure
@@ -1,5 +1,5 @@
#! /bin/sh
-# From configure.ac c96e3c4.
+# From configure.ac 1a78266.
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69.
#
@@ -3444,6 +3444,51 @@ $as_echo "$ac_cv_safe_to_define___extensions__" >&6; }
+# Root-check
+host_is="`uname`"
+case $host_os in
+CYGWIN*)
+ ;;
+*)
+ if type id >/dev/null 2>&1; then
+ euid="`id -u`"
+ if test "$euid" == "0"; then
+ echo ""
+ echo "********************************************************************************"
+ echo '* W A R N I N G /!\ *'
+ echo "********************************************************************************"
+ echo "* It appears that you're planning to run Hercules with root privileges. That's *"
+ echo "* not necessary, nor recommended, and it may open your machine to unnecessary *"
+ echo "* security risks. You should never ever run software as root unless it *"
+ echo "* requires the extra privileges (which Hercules does not.) *"
+ echo "* *"
+ echo "* More info: *"
+ echo "* http://www.tldp.org/HOWTO/Security-HOWTO/local-security.html *"
+ echo "* https://wiki.debian.org/sudo *"
+ echo "* http://wiki.centos.org/TipsAndTricks/BecomingRoot *"
+ echo "* http://fedoraproject.org/wiki/Configuring_Sudo *"
+ echo "* https://help.ubuntu.com/community/RootSudo *"
+ echo "* http://www.freebsdwiki.net/index.php/Root *"
+ echo "* *"
+ echo "* If your service provider forces (or encourages) you to run server software *"
+ echo "* as root, please complain to them. It is a very bad idea. *"
+ echo "********************************************************************************"
+ echo "Execution will be paused for 60 seconds... Press Ctrl-C now if you wish to stop."
+ for j in 1 2 3 4 5 6; do
+ for i in 1 2 3 4 5 6 7 8 9 10; do
+ printf "\a. "
+ sleep 1
+ done
+ echo ""
+ done
+ echo ""
+ echo "Resuming as root. If anything breaks, you'll get to keep the pieces."
+ sleep 2
+ fi
+ fi
+ ;;
+esac
+
#
# Memory managers
#
diff --git a/configure.ac b/configure.ac
index d6f783505..7b7590813 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,6 +37,51 @@ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS],
[AC_GNU_SOURCE]
)
+# Root-check
+host_is="`uname`"
+case $host_os in
+CYGWIN*)
+ ;;
+*)
+ if type id >/dev/null 2>&1; then
+ euid="`id -u`"
+ if test "$euid" == "0"; then
+ echo ""
+ echo "********************************************************************************"
+ echo '* W A R N I N G /!\ *'
+ echo "********************************************************************************"
+ echo "* It appears that you're planning to run Hercules with root privileges. That's *"
+ echo "* not necessary, nor recommended, and it may open your machine to unnecessary *"
+ echo "* security risks. You should never ever run software as root unless it *"
+ echo "* requires the extra privileges (which Hercules does not.) *"
+ echo "* *"
+ echo "* More info: *"
+ echo "* http://www.tldp.org/HOWTO/Security-HOWTO/local-security.html *"
+ echo "* https://wiki.debian.org/sudo *"
+ echo "* http://wiki.centos.org/TipsAndTricks/BecomingRoot *"
+ echo "* http://fedoraproject.org/wiki/Configuring_Sudo *"
+ echo "* https://help.ubuntu.com/community/RootSudo *"
+ echo "* http://www.freebsdwiki.net/index.php/Root *"
+ echo "* *"
+ echo "* If your service provider forces (or encourages) you to run server software *"
+ echo "* as root, please complain to them. It is a very bad idea. *"
+ echo "********************************************************************************"
+ echo "Execution will be paused for 60 seconds... Press Ctrl-C now if you wish to stop."
+ for j in 1 2 3 4 5 6; do
+ for i in 1 2 3 4 5 6 7 8 9 10; do
+ printf "\a. "
+ sleep 1
+ done
+ echo ""
+ done
+ echo ""
+ echo "Resuming as root. If anything breaks, you'll get to keep the pieces."
+ sleep 2
+ fi
+ fi
+ ;;
+esac
+
#
# Memory managers
#
diff --git a/src/common/core.c b/src/common/core.c
index ccd80c44b..08ed4b71b 100644
--- a/src/common/core.c
+++ b/src/common/core.c
@@ -33,6 +33,7 @@
#include "common/strlib.h"
#include "common/sysinfo.h"
#include "common/nullpo.h"
+#include "common/utils.h"
#ifndef MINICORE
# include "common/HPM.h"
@@ -42,7 +43,6 @@
# include "common/sql.h"
# include "common/thread.h"
# include "common/timer.h"
-# include "common/utils.h"
#endif
#ifndef _WIN32
@@ -54,6 +54,28 @@
#include <stdio.h>
#include <stdlib.h>
+/*
+ * Uncomment the line below if you want to silence the root warning on startup
+ * (not recommended, as it opens the machine to security risks. You should
+ * never ever run software as root unless it requires the extra privileges
+ * (which Hercules does not.)
+ * More info:
+ * http://www.tldp.org/HOWTO/Security-HOWTO/local-security.html
+ * http://www.gentoo.org/doc/en/security/security-handbook.xml?style=printable&part=1&chap=1#doc_chap4
+ * http://wiki.centos.org/TipsAndTricks/BecomingRoot
+ * http://fedoraproject.org/wiki/Configuring_Sudo
+ * https://help.ubuntu.com/community/RootSudo
+ * http://www.freebsdwiki.net/index.php/Root
+ *
+ * If your service provider forces (or encourages) you to run server software
+ * as root, please complain to them before and after uncommenting this line,
+ * since it is a very bad idea.
+ * Please note that NO SUPPORT will be given if you uncomment the following line.
+ */
+//#define I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT
+// And don't complain to us if the XYZ plugin you installed wiped your hard disk, or worse.
+// Note: This feature is deprecated, and should not be used.
+
/// Called when a terminate signal is received.
void (*shutdown_callback)(void) = NULL;
@@ -172,11 +194,45 @@ void signals_init (void) {
/**
* Warns the user if executed as superuser (root)
+ *
+ * @retval false if the check didn't pass and the program should be terminated.
*/
-void usercheck(void) {
+bool usercheck(void)
+{
+#ifndef _WIN32
if (sysinfo->is_superuser()) {
- ShowWarning("You are running Hercules with root privileges, it is not necessary.\n");
+ if (!isatty(fileno(stdin))) {
+ ShowFatalError("You are running Hercules with root privileges, it is not necessary, nor recommended. "
+ "Aborting.\n");
+ return false; // Don't allow noninteractive execution regardless.
+ }
+ ShowError("You are running Hercules with root privileges, it is not necessary, nor recommended.\n");
+#ifdef I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT
+#warning This Hercules build is not eligible to obtain support by the developers.
+#warning The setting I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT is deprecated and should not be used.
+#else // not I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT
+ ShowNotice("Execution will be paused for 60 seconds. Press Ctrl-C if you wish to quit.\n");
+ ShowNotice("If you want to get rid of this message, please open %s and uncomment, near the top, the line saying:\n"
+ "\t\"//#define I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT\"\n", __FILE__);
+ ShowNotice("Note: In a near future, this courtesy notice will go away. "
+ "Please update your infrastructure not to require root privileges before then.\n");
+ ShowWarning("It's recommended that you " CL_WHITE "press CTRL-C now!" CL_RESET "\n");
+ {
+ int i;
+ for (i = 0; i < 60; i++) {
+ ShowMessage("\a *");
+ HSleep(1);
+ }
+ }
+ ShowMessage("\n");
+ ShowNotice("Resuming operations with root privileges. "
+ CL_RED "If anything breaks, you get to keep the pieces, "
+ "and the Hercules developers won't be able to help you."
+ CL_RESET "\n");
+#endif // I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT
}
+#endif // not _WIN32
+ return true;
}
void core_defaults(void) {
@@ -426,7 +482,8 @@ int main (int argc, char **argv) {
if (!(showmsg->silent&0x1))
console->display_title();
- usercheck();
+ if (!usercheck())
+ return EXIT_FAILURE;
#ifdef MINICORE // minimalist Core
do_init(argc,argv);