summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Powell <petpow@saberuk.com>2019-12-08 23:08:57 +0000
committerPeter Powell <petpow@saberuk.com>2019-12-08 23:08:57 +0000
commitcca482b0061d43818e176c427616b0f6a4a86387 (patch)
tree747163c6cb3e2ec6ea5f93e68a65b8936aa143f5
parentbd20bdda21a242f0a54da327bf08049562078a9b (diff)
Improve behaviour when running as root.
- Only give the annoying message about root if --runasroot is not specified. - If --runasroot is specified then assume the user knows what they are doing. - Move CheckRoot to a static function in inspircd.cpp.
-rw-r--r--include/exitcodes.h2
-rw-r--r--include/inspircd.h5
-rw-r--r--src/helperfuncs.cpp12
-rw-r--r--src/inspircd.cpp38
4 files changed, 21 insertions, 36 deletions
diff --git a/include/exitcodes.h b/include/exitcodes.h
index b1090d141..737433def 100644
--- a/include/exitcodes.h
+++ b/include/exitcodes.h
@@ -33,7 +33,7 @@ enum ExitStatus
EXIT_STATUS_ARGV = 5, /* Invalid program arguments */
EXIT_STATUS_PID = 6, /* Couldn't write PID file */
EXIT_STATUS_SOCKETENGINE = 7, /* Couldn't start socket engine */
- EXIT_STATUS_ROOT = 8, /* Refusing to start as root */
+ EXIT_STATUS_ROOT = 8, /* DEPRECATED */
EXIT_STATUS_MODULE = 9, /* Couldn't load a required module */
EXIT_STATUS_SIGTERM = 10 /* Received SIGTERM */
};
diff --git a/include/inspircd.h b/include/inspircd.h
index 56ad556d7..f3e718dcc 100644
--- a/include/inspircd.h
+++ b/include/inspircd.h
@@ -192,11 +192,6 @@ class CoreExport InspIRCd
ClientProtocol::RFCEvents rfcevents;
- /** Check we aren't running as root, and exit if we are
- * with exit code EXIT_STATUS_ROOT.
- */
- void CheckRoot();
-
public:
UIDGenerator UIDGen;
diff --git a/src/helperfuncs.cpp b/src/helperfuncs.cpp
index 70ac2f0e6..94938ef12 100644
--- a/src/helperfuncs.cpp
+++ b/src/helperfuncs.cpp
@@ -338,18 +338,6 @@ bool InspIRCd::IsSID(const std::string &str)
((str[2] >= 'A' && str[2] <= 'Z') || isdigit(str[2])));
}
-void InspIRCd::CheckRoot()
-{
-#ifndef _WIN32
- if (geteuid() == 0)
- {
- std::cout << "ERROR: You are running an irc server as root! DO NOT DO THIS!" << std::endl << std::endl;
- this->Logs->Log("STARTUP", LOG_DEFAULT, "Can't start as root");
- Exit(EXIT_STATUS_ROOT);
- }
-#endif
-}
-
/** A lookup table of values for multiplier characters used by
* InspIRCd::Duration(). In this lookup table, the indexes for
* the ascii values 'm' and 'M' have the value '60', the indexes
diff --git a/src/inspircd.cpp b/src/inspircd.cpp
index f35da105d..94894557b 100644
--- a/src/inspircd.cpp
+++ b/src/inspircd.cpp
@@ -71,7 +71,7 @@ const char* ExitCodes[] =
"Bad commandline parameters", // 5
"Can't write PID file", // 6
"SocketEngine could not initialize", // 7
- "Refusing to start up as root", // 8
+ "UNUSED", // 8
"Couldn't load module on startup", // 9
"Received SIGTERM" // 10
};
@@ -80,6 +80,23 @@ namespace
{
void VoidSignalHandler(int);
+ // Warns a user running as root that they probably shouldn't.
+ void CheckRoot()
+ {
+#ifndef _WIN32
+ if (getegid() != 0 && geteuid() != 0)
+ return;
+
+ std::cout << con_red << "Warning!" << con_reset << " You have started as root. Running as root is generally not required" << std::endl
+ << "and may allow an attacker to gain access to your system if they find a way to" << std::endl
+ << "exploit your IRC server." << std::endl
+ << std::endl
+ << "InspIRCd will start in 30 seconds. If you are sure that you need to run as root" << std::endl
+ << "then you can pass the " << con_bright << "--runasroot" << con_reset << " option to disable this wait." << std::endl;
+ sleep(30);
+#endif
+ }
+
// Collects performance statistics for the STATS command.
void CollectStats()
{
@@ -465,24 +482,9 @@ InspIRCd::InspIRCd(int argc, char** argv)
Exit(EXIT_STATUS_CONFIG);
}
-#ifndef _WIN32
- if (!do_root)
- this->CheckRoot();
- else
- {
- std::cout << "* WARNING * WARNING * WARNING * WARNING * WARNING *" << std::endl
- << "YOU ARE RUNNING INSPIRCD AS ROOT. THIS IS UNSUPPORTED" << std::endl
- << "AND IF YOU ARE HACKED, CRACKED, SPINDLED OR MUTILATED" << std::endl
- << "OR ANYTHING ELSE UNEXPECTED HAPPENS TO YOU OR YOUR" << std::endl
- << "SERVER, THEN IT IS YOUR OWN FAULT. IF YOU DID NOT MEAN" << std::endl
- << "TO START INSPIRCD AS ROOT, HIT CTRL+C NOW AND RESTART" << std::endl
- << "THE PROGRAM AS A NORMAL USER. YOU HAVE BEEN WARNED!" << std::endl << std::endl
- << "InspIRCd starting in 20 seconds, ctrl+c to abort..." << std::endl;
- sleep(20);
- }
-#endif
-
SetSignals();
+ if (!do_root)
+ CheckRoot();
if (!Config->cmdline.nofork && !ForkIntoBackground())
{