diff options
-rwxr-xr-x | configure | 47 | ||||
-rw-r--r-- | configure.ac | 45 | ||||
-rw-r--r-- | src/common/core.c | 65 |
3 files changed, 152 insertions, 5 deletions
@@ -1,5 +1,5 @@ #! /bin/sh -# From configure.ac c96e3c4. +# From configure.ac 1a78266. # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.69. # @@ -3444,6 +3444,51 @@ $as_echo "$ac_cv_safe_to_define___extensions__" >&6; } +# Root-check +host_is="`uname`" +case $host_os in +CYGWIN*) + ;; +*) + if type id >/dev/null 2>&1; then + euid="`id -u`" + if test "$euid" == "0"; then + echo "" + echo "********************************************************************************" + echo '* W A R N I N G /!\ *' + echo "********************************************************************************" + echo "* It appears that you're planning to run Hercules with root privileges. That's *" + echo "* not necessary, nor recommended, and it may open your machine to unnecessary *" + echo "* security risks. You should never ever run software as root unless it *" + echo "* requires the extra privileges (which Hercules does not.) *" + echo "* *" + echo "* More info: *" + echo "* http://www.tldp.org/HOWTO/Security-HOWTO/local-security.html *" + echo "* https://wiki.debian.org/sudo *" + echo "* http://wiki.centos.org/TipsAndTricks/BecomingRoot *" + echo "* http://fedoraproject.org/wiki/Configuring_Sudo *" + echo "* https://help.ubuntu.com/community/RootSudo *" + echo "* http://www.freebsdwiki.net/index.php/Root *" + echo "* *" + echo "* If your service provider forces (or encourages) you to run server software *" + echo "* as root, please complain to them. It is a very bad idea. *" + echo "********************************************************************************" + echo "Execution will be paused for 60 seconds... Press Ctrl-C now if you wish to stop." + for j in 1 2 3 4 5 6; do + for i in 1 2 3 4 5 6 7 8 9 10; do + printf "\a. " + sleep 1 + done + echo "" + done + echo "" + echo "Resuming as root. If anything breaks, you'll get to keep the pieces." + sleep 2 + fi + fi + ;; +esac + # # Memory managers # diff --git a/configure.ac b/configure.ac index d6f783505..7b7590813 100644 --- a/configure.ac +++ b/configure.ac @@ -37,6 +37,51 @@ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS], [AC_GNU_SOURCE] ) +# Root-check +host_is="`uname`" +case $host_os in +CYGWIN*) + ;; +*) + if type id >/dev/null 2>&1; then + euid="`id -u`" + if test "$euid" == "0"; then + echo "" + echo "********************************************************************************" + echo '* W A R N I N G /!\ *' + echo "********************************************************************************" + echo "* It appears that you're planning to run Hercules with root privileges. That's *" + echo "* not necessary, nor recommended, and it may open your machine to unnecessary *" + echo "* security risks. You should never ever run software as root unless it *" + echo "* requires the extra privileges (which Hercules does not.) *" + echo "* *" + echo "* More info: *" + echo "* http://www.tldp.org/HOWTO/Security-HOWTO/local-security.html *" + echo "* https://wiki.debian.org/sudo *" + echo "* http://wiki.centos.org/TipsAndTricks/BecomingRoot *" + echo "* http://fedoraproject.org/wiki/Configuring_Sudo *" + echo "* https://help.ubuntu.com/community/RootSudo *" + echo "* http://www.freebsdwiki.net/index.php/Root *" + echo "* *" + echo "* If your service provider forces (or encourages) you to run server software *" + echo "* as root, please complain to them. It is a very bad idea. *" + echo "********************************************************************************" + echo "Execution will be paused for 60 seconds... Press Ctrl-C now if you wish to stop." + for j in 1 2 3 4 5 6; do + for i in 1 2 3 4 5 6 7 8 9 10; do + printf "\a. " + sleep 1 + done + echo "" + done + echo "" + echo "Resuming as root. If anything breaks, you'll get to keep the pieces." + sleep 2 + fi + fi + ;; +esac + # # Memory managers # diff --git a/src/common/core.c b/src/common/core.c index ccd80c44b..08ed4b71b 100644 --- a/src/common/core.c +++ b/src/common/core.c @@ -33,6 +33,7 @@ #include "common/strlib.h" #include "common/sysinfo.h" #include "common/nullpo.h" +#include "common/utils.h" #ifndef MINICORE # include "common/HPM.h" @@ -42,7 +43,6 @@ # include "common/sql.h" # include "common/thread.h" # include "common/timer.h" -# include "common/utils.h" #endif #ifndef _WIN32 @@ -54,6 +54,28 @@ #include <stdio.h> #include <stdlib.h> +/* + * Uncomment the line below if you want to silence the root warning on startup + * (not recommended, as it opens the machine to security risks. You should + * never ever run software as root unless it requires the extra privileges + * (which Hercules does not.) + * More info: + * http://www.tldp.org/HOWTO/Security-HOWTO/local-security.html + * http://www.gentoo.org/doc/en/security/security-handbook.xml?style=printable&part=1&chap=1#doc_chap4 + * http://wiki.centos.org/TipsAndTricks/BecomingRoot + * http://fedoraproject.org/wiki/Configuring_Sudo + * https://help.ubuntu.com/community/RootSudo + * http://www.freebsdwiki.net/index.php/Root + * + * If your service provider forces (or encourages) you to run server software + * as root, please complain to them before and after uncommenting this line, + * since it is a very bad idea. + * Please note that NO SUPPORT will be given if you uncomment the following line. + */ +//#define I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT +// And don't complain to us if the XYZ plugin you installed wiped your hard disk, or worse. +// Note: This feature is deprecated, and should not be used. + /// Called when a terminate signal is received. void (*shutdown_callback)(void) = NULL; @@ -172,11 +194,45 @@ void signals_init (void) { /** * Warns the user if executed as superuser (root) + * + * @retval false if the check didn't pass and the program should be terminated. */ -void usercheck(void) { +bool usercheck(void) +{ +#ifndef _WIN32 if (sysinfo->is_superuser()) { - ShowWarning("You are running Hercules with root privileges, it is not necessary.\n"); + if (!isatty(fileno(stdin))) { + ShowFatalError("You are running Hercules with root privileges, it is not necessary, nor recommended. " + "Aborting.\n"); + return false; // Don't allow noninteractive execution regardless. + } + ShowError("You are running Hercules with root privileges, it is not necessary, nor recommended.\n"); +#ifdef I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT +#warning This Hercules build is not eligible to obtain support by the developers. +#warning The setting I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT is deprecated and should not be used. +#else // not I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT + ShowNotice("Execution will be paused for 60 seconds. Press Ctrl-C if you wish to quit.\n"); + ShowNotice("If you want to get rid of this message, please open %s and uncomment, near the top, the line saying:\n" + "\t\"//#define I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT\"\n", __FILE__); + ShowNotice("Note: In a near future, this courtesy notice will go away. " + "Please update your infrastructure not to require root privileges before then.\n"); + ShowWarning("It's recommended that you " CL_WHITE "press CTRL-C now!" CL_RESET "\n"); + { + int i; + for (i = 0; i < 60; i++) { + ShowMessage("\a *"); + HSleep(1); + } + } + ShowMessage("\n"); + ShowNotice("Resuming operations with root privileges. " + CL_RED "If anything breaks, you get to keep the pieces, " + "and the Hercules developers won't be able to help you." + CL_RESET "\n"); +#endif // I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT } +#endif // not _WIN32 + return true; } void core_defaults(void) { @@ -426,7 +482,8 @@ int main (int argc, char **argv) { if (!(showmsg->silent&0x1)) console->display_title(); - usercheck(); + if (!usercheck()) + return EXIT_FAILURE; #ifdef MINICORE // minimalist Core do_init(argc,argv); |