diff options
author | Peter Powell <petpow@saberuk.com> | 2019-12-08 23:08:57 +0000 |
---|---|---|
committer | Peter Powell <petpow@saberuk.com> | 2019-12-08 23:08:57 +0000 |
commit | cca482b0061d43818e176c427616b0f6a4a86387 (patch) | |
tree | 747163c6cb3e2ec6ea5f93e68a65b8936aa143f5 | |
parent | bd20bdda21a242f0a54da327bf08049562078a9b (diff) |
Improve behaviour when running as root.
- Only give the annoying message about root if --runasroot is not
specified.
- If --runasroot is specified then assume the user knows what they
are doing.
- Move CheckRoot to a static function in inspircd.cpp.
-rw-r--r-- | include/exitcodes.h | 2 | ||||
-rw-r--r-- | include/inspircd.h | 5 | ||||
-rw-r--r-- | src/helperfuncs.cpp | 12 | ||||
-rw-r--r-- | src/inspircd.cpp | 38 |
4 files changed, 21 insertions, 36 deletions
diff --git a/include/exitcodes.h b/include/exitcodes.h index b1090d141..737433def 100644 --- a/include/exitcodes.h +++ b/include/exitcodes.h @@ -33,7 +33,7 @@ enum ExitStatus EXIT_STATUS_ARGV = 5, /* Invalid program arguments */ EXIT_STATUS_PID = 6, /* Couldn't write PID file */ EXIT_STATUS_SOCKETENGINE = 7, /* Couldn't start socket engine */ - EXIT_STATUS_ROOT = 8, /* Refusing to start as root */ + EXIT_STATUS_ROOT = 8, /* DEPRECATED */ EXIT_STATUS_MODULE = 9, /* Couldn't load a required module */ EXIT_STATUS_SIGTERM = 10 /* Received SIGTERM */ }; diff --git a/include/inspircd.h b/include/inspircd.h index 56ad556d7..f3e718dcc 100644 --- a/include/inspircd.h +++ b/include/inspircd.h @@ -192,11 +192,6 @@ class CoreExport InspIRCd ClientProtocol::RFCEvents rfcevents; - /** Check we aren't running as root, and exit if we are - * with exit code EXIT_STATUS_ROOT. - */ - void CheckRoot(); - public: UIDGenerator UIDGen; diff --git a/src/helperfuncs.cpp b/src/helperfuncs.cpp index 70ac2f0e6..94938ef12 100644 --- a/src/helperfuncs.cpp +++ b/src/helperfuncs.cpp @@ -338,18 +338,6 @@ bool InspIRCd::IsSID(const std::string &str) ((str[2] >= 'A' && str[2] <= 'Z') || isdigit(str[2]))); } -void InspIRCd::CheckRoot() -{ -#ifndef _WIN32 - if (geteuid() == 0) - { - std::cout << "ERROR: You are running an irc server as root! DO NOT DO THIS!" << std::endl << std::endl; - this->Logs->Log("STARTUP", LOG_DEFAULT, "Can't start as root"); - Exit(EXIT_STATUS_ROOT); - } -#endif -} - /** A lookup table of values for multiplier characters used by * InspIRCd::Duration(). In this lookup table, the indexes for * the ascii values 'm' and 'M' have the value '60', the indexes diff --git a/src/inspircd.cpp b/src/inspircd.cpp index f35da105d..94894557b 100644 --- a/src/inspircd.cpp +++ b/src/inspircd.cpp @@ -71,7 +71,7 @@ const char* ExitCodes[] = "Bad commandline parameters", // 5 "Can't write PID file", // 6 "SocketEngine could not initialize", // 7 - "Refusing to start up as root", // 8 + "UNUSED", // 8 "Couldn't load module on startup", // 9 "Received SIGTERM" // 10 }; @@ -80,6 +80,23 @@ namespace { void VoidSignalHandler(int); + // Warns a user running as root that they probably shouldn't. + void CheckRoot() + { +#ifndef _WIN32 + if (getegid() != 0 && geteuid() != 0) + return; + + std::cout << con_red << "Warning!" << con_reset << " You have started as root. Running as root is generally not required" << std::endl + << "and may allow an attacker to gain access to your system if they find a way to" << std::endl + << "exploit your IRC server." << std::endl + << std::endl + << "InspIRCd will start in 30 seconds. If you are sure that you need to run as root" << std::endl + << "then you can pass the " << con_bright << "--runasroot" << con_reset << " option to disable this wait." << std::endl; + sleep(30); +#endif + } + // Collects performance statistics for the STATS command. void CollectStats() { @@ -465,24 +482,9 @@ InspIRCd::InspIRCd(int argc, char** argv) Exit(EXIT_STATUS_CONFIG); } -#ifndef _WIN32 - if (!do_root) - this->CheckRoot(); - else - { - std::cout << "* WARNING * WARNING * WARNING * WARNING * WARNING *" << std::endl - << "YOU ARE RUNNING INSPIRCD AS ROOT. THIS IS UNSUPPORTED" << std::endl - << "AND IF YOU ARE HACKED, CRACKED, SPINDLED OR MUTILATED" << std::endl - << "OR ANYTHING ELSE UNEXPECTED HAPPENS TO YOU OR YOUR" << std::endl - << "SERVER, THEN IT IS YOUR OWN FAULT. IF YOU DID NOT MEAN" << std::endl - << "TO START INSPIRCD AS ROOT, HIT CTRL+C NOW AND RESTART" << std::endl - << "THE PROGRAM AS A NORMAL USER. YOU HAVE BEEN WARNED!" << std::endl << std::endl - << "InspIRCd starting in 20 seconds, ctrl+c to abort..." << std::endl; - sleep(20); - } -#endif - SetSignals(); + if (!do_root) + CheckRoot(); if (!Config->cmdline.nofork && !ForkIntoBackground()) { |