Added messages to discourage running Hercules as root.

- You should not run Hercules as root, period.
- If you understand all of the security implications, and still want to
  do so (and you don't want to be bothered by the warning messages),
  open core.c and uncomment the line:
  "//#define I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT"
- If you're running Hercules as root because your provider forces (or
  encourages) you to do so, it means they're really doing it wrong, so
  please complain to them and ask them for an alternative.
- More info on the topic:
  http://www.tldp.org/HOWTO/Security-HOWTO/local-security.html
  https://wiki.debian.org/sudo
  http://wiki.centos.org/TipsAndTricks/BecomingRoot
  http://fedoraproject.org/wiki/Configuring_Sudo
  https://help.ubuntu.com/community/RootSudo
  http://www.freebsdwiki.net/index.php/Root

Signed-off-by: Haru <haru@dotalux.com>

3 files changed, 152 insertions, 5 deletions

diff --git a/configure b/configure
index 88950feb3..053dc0df2 100755
--- a/configure
+++ b/configure
@@ -1,5 +1,5 @@
 #! /bin/sh
-# From configure.ac c96e3c4.
+# From configure.ac 1a78266.
 # Guess values for system-dependent variables and create Makefiles.
 # Generated by GNU Autoconf 2.69.
 #
@@ -3444,6 +3444,51 @@ $as_echo "$ac_cv_safe_to_define___extensions__" >&6; }
 
 
 
+# Root-check
+host_is="`uname`"
+case $host_os in
+CYGWIN*)
+	;;
+*)
+	if type id >/dev/null 2>&1; then
+		euid="`id -u`"
+		if test "$euid" == "0"; then
+			echo ""
+			echo "********************************************************************************"
+			echo '*                            W A R N I N G      /!\                            *'
+			echo "********************************************************************************"
+			echo "* It appears that you're planning to run Hercules with root privileges. That's *"
+			echo "* not necessary, nor recommended, and it may open your machine to unnecessary  *"
+			echo "* security risks.  You should never ever run software as root unless it        *"
+			echo "* requires the extra privileges (which Hercules does not.)                     *"
+			echo "*                                                                              *"
+			echo "* More info:                                                                   *"
+			echo "* http://www.tldp.org/HOWTO/Security-HOWTO/local-security.html                 *"
+			echo "* https://wiki.debian.org/sudo                                                 *"
+			echo "* http://wiki.centos.org/TipsAndTricks/BecomingRoot                            *"
+			echo "* http://fedoraproject.org/wiki/Configuring_Sudo                               *"
+			echo "* https://help.ubuntu.com/community/RootSudo                                   *"
+			echo "* http://www.freebsdwiki.net/index.php/Root                                    *"
+			echo "*                                                                              *"
+			echo "* If your service provider forces (or encourages) you to run server software   *"
+			echo "* as root, please complain to them. It is a very bad idea.                     *"
+			echo "********************************************************************************"
+			echo "Execution will be paused for 60 seconds... Press Ctrl-C now if you wish to stop."
+			for j in 1 2 3 4 5 6; do
+				for i in 1 2 3 4 5 6 7 8 9 10; do
+					printf "\a. "
+					sleep 1
+				done
+				echo ""
+			done
+			echo ""
+			echo "Resuming as root. If anything breaks, you'll get to keep the pieces."
+			sleep 2
+		fi
+	fi
+	;;
+esac
+
 #
 # Memory managers
 #
diff --git a/configure.ac b/configure.ac
index d6f783505..7b7590813 100644
--- a/configure.ac
+++ b/configure.ac
@@ -37,6 +37,51 @@ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS],
 	[AC_GNU_SOURCE]
 )
 
+# Root-check
+host_is="`uname`"
+case $host_os in
+CYGWIN*)
+	;;
+*)
+	if type id >/dev/null 2>&1; then
+		euid="`id -u`"
+		if test "$euid" == "0"; then
+			echo ""
+			echo "********************************************************************************"
+			echo '*                            W A R N I N G      /!\                            *'
+			echo "********************************************************************************"
+			echo "* It appears that you're planning to run Hercules with root privileges. That's *"
+			echo "* not necessary, nor recommended, and it may open your machine to unnecessary  *"
+			echo "* security risks.  You should never ever run software as root unless it        *"
+			echo "* requires the extra privileges (which Hercules does not.)                     *"
+			echo "*                                                                              *"
+			echo "* More info:                                                                   *"
+			echo "* http://www.tldp.org/HOWTO/Security-HOWTO/local-security.html                 *"
+			echo "* https://wiki.debian.org/sudo                                                 *"
+			echo "* http://wiki.centos.org/TipsAndTricks/BecomingRoot                            *"
+			echo "* http://fedoraproject.org/wiki/Configuring_Sudo                               *"
+			echo "* https://help.ubuntu.com/community/RootSudo                                   *"
+			echo "* http://www.freebsdwiki.net/index.php/Root                                    *"
+			echo "*                                                                              *"
+			echo "* If your service provider forces (or encourages) you to run server software   *"
+			echo "* as root, please complain to them. It is a very bad idea.                     *"
+			echo "********************************************************************************"
+			echo "Execution will be paused for 60 seconds... Press Ctrl-C now if you wish to stop."
+			for j in 1 2 3 4 5 6; do
+				for i in 1 2 3 4 5 6 7 8 9 10; do
+					printf "\a. "
+					sleep 1
+				done
+				echo ""
+			done
+			echo ""
+			echo "Resuming as root. If anything breaks, you'll get to keep the pieces."
+			sleep 2
+		fi
+	fi
+	;;
+esac
+
 #
 # Memory managers
 #
diff --git a/src/common/core.c b/src/common/core.c
index ccd80c44b..08ed4b71b 100644
--- a/src/common/core.c
+++ b/src/common/core.c
@@ -33,6 +33,7 @@
 #include "common/strlib.h"
 #include "common/sysinfo.h"
 #include "common/nullpo.h"
+#include "common/utils.h"
 
 #ifndef MINICORE
 #	include "common/HPM.h"
@@ -42,7 +43,6 @@
 #	include "common/sql.h"
 #	include "common/thread.h"
 #	include "common/timer.h"
-#	include "common/utils.h"
 #endif
 
 #ifndef _WIN32
@@ -54,6 +54,28 @@
 #include <stdio.h>
 #include <stdlib.h>
 
+/*
+ * Uncomment the line below if you want to silence the root warning on startup
+ * (not recommended, as it opens the machine to security risks. You should
+ * never ever run software as root unless it requires the extra privileges
+ * (which Hercules does not.)
+ * More info:
+ * http://www.tldp.org/HOWTO/Security-HOWTO/local-security.html
+ * http://www.gentoo.org/doc/en/security/security-handbook.xml?style=printable&part=1&chap=1#doc_chap4
+ * http://wiki.centos.org/TipsAndTricks/BecomingRoot
+ * http://fedoraproject.org/wiki/Configuring_Sudo
+ * https://help.ubuntu.com/community/RootSudo
+ * http://www.freebsdwiki.net/index.php/Root
+ *
+ * If your service provider forces (or encourages) you to run server software
+ * as root, please complain to them before and after uncommenting this line,
+ * since it is a very bad idea.
+ * Please note that NO SUPPORT will be given if you uncomment the following line.
+ */
+//#define I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT
+// And don't complain to us if the XYZ plugin you installed wiped your hard disk, or worse.
+// Note: This feature is deprecated, and should not be used.
+
 /// Called when a terminate signal is received.
 void (*shutdown_callback)(void) = NULL;
 
@@ -172,11 +194,45 @@ void signals_init (void) {
 
 /**
  * Warns the user if executed as superuser (root)
+ *
+ * @retval false if the check didn't pass and the program should be terminated.
  */
-void usercheck(void) {
+bool usercheck(void)
+{
+#ifndef _WIN32
 	if (sysinfo->is_superuser()) {
-		ShowWarning("You are running Hercules with root privileges, it is not necessary.\n");
+		if (!isatty(fileno(stdin))) {
+			ShowFatalError("You are running Hercules with root privileges, it is not necessary, nor recommended. "
+					"Aborting.\n");
+			return false; // Don't allow noninteractive execution regardless.
+		}
+		ShowError("You are running Hercules with root privileges, it is not necessary, nor recommended.\n");
+#ifdef I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT
+#warning This Hercules build is not eligible to obtain support by the developers.
+#warning The setting I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT is deprecated and should not be used.
+#else // not I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT
+		ShowNotice("Execution will be paused for 60 seconds. Press Ctrl-C if you wish to quit.\n");
+		ShowNotice("If you want to get rid of this message, please open %s and uncomment, near the top, the line saying:\n"
+				"\t\"//#define I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT\"\n", __FILE__);
+		ShowNotice("Note: In a near future, this courtesy notice will go away. "
+				"Please update your infrastructure not to require root privileges before then.\n");
+		ShowWarning("It's recommended that you " CL_WHITE "press CTRL-C now!" CL_RESET "\n");
+		{
+			int i;
+			for (i = 0; i < 60; i++) {
+				ShowMessage("\a *");
+				HSleep(1);
+			}
+		}
+		ShowMessage("\n");
+		ShowNotice("Resuming operations with root privileges. "
+				CL_RED "If anything breaks, you get to keep the pieces, "
+				"and the Hercules developers won't be able to help you."
+				CL_RESET "\n");
+#endif // I_AM_AWARE_OF_THE_RISK_AND_STILL_WANT_TO_RUN_HERCULES_AS_ROOT
 	}
+#endif // not _WIN32
+	return true;
 }
 
 void core_defaults(void) {
@@ -426,7 +482,8 @@ int main (int argc, char **argv) {
 	if (!(showmsg->silent&0x1))
 		console->display_title();
 
-	usercheck();
+	if (!usercheck())
+		return EXIT_FAILURE;
 
 #ifdef MINICORE // minimalist Core
 	do_init(argc,argv);