Ticket #1058 (closed enhancement: fixed)

Opened 5 months ago

Last modified 4 months ago

[PATCH] Refuse to run as root

Reported by: Philip Owned by: leper
Priority: Nice to Have Milestone: Alpha 9
Component: Core engine Keywords: simple, patch
Cc:

Description

Sometimes people try running the game as root (via sudo etc) on Linux. That's terribly insecure, and causes problems if the game tries creating directories like ~/.config/0ad/ in the (non-root) user's home directory while running as root (which I think happens occasionally), because the directory ownership will be wrong.

The game should probably detect on startup that the user is root, and print some error message (saying how it's terribly insecure) and terminate, to stop people doing dangerous things.

Attachments

unix-no-root-2012-01-09.patch (1.6 KB) - added by leper 5 months ago.
refuse to run as root if not started with --really-run-as-root
unix-no-root-2012-01-13.patch (1.3 KB) - added by leper 4 months ago.
patch without the --really-run-as-root option; fixed whitespace change in previous version of this patch (same filename)

Change History

Changed 5 months ago by leper

refuse to run as root if not started with --really-run-as-root

comment:1 Changed 5 months ago by leper

  • Keywords simple, review added; simple removed
  • Owner set to leper
  • Status changed from new to assigned
  • Summary changed from Refuse to run as root to [PATCH] Refuse to run as root

comment:2 Changed 5 months ago by leper

  • Keywords review, patch added; review removed
  • Status changed from assigned to closed
  • Resolution set to fixed

With the attached patch the game refuses to run as root (or if called with sudo) on unix-like systems and prints an informative message. It is however still runnable as root if it is called with --really-run-as-root

Please review

comment:3 follow-up: ↓ 4 Changed 5 months ago by leper

  • Status changed from closed to reopened
  • Resolution fixed deleted

i don't think that i can/should be able to close this ticket or?

comment:4 in reply to: ↑ 3 Changed 5 months ago by quantumstate

Replying to leper:

i don't think that i can/should be able to close this ticket or?

It is best to close tickets when it is applied to svn, this normally happens automatically.

comment:5 follow-up: ↓ 6 Changed 4 months ago by historic_bruno

  • Milestone changed from Backlog to Alpha 9

Do we need the --really-run-as-root option? I can't imagine why anyone would want to run the game as root, certainly not an experienced/technologically proficient user. So in that case I'd say simplify the patch and leave that option out :)

comment:6 in reply to: ↑ 5 Changed 4 months ago by leper

Replying to historic_bruno:

Do we need the --really-run-as-root option? I can't imagine why anyone would want to run the game as root, certainly not an experienced/technologically proficient user. So in that case I'd say simplify the patch and leave that option out :)

Regarding the --really-run-as-root option: I'm always in favor of a solution that gives the user the possibility to decide. But due to the open source nature of 0ad I don't think that it is a problem to remove the code if someone really needs to run 0ad as root

Changed 4 months ago by leper

patch without the --really-run-as-root option; fixed whitespace change in previous version of this patch (same filename)

comment:7 Changed 4 months ago by ben

  • Status changed from reopened to closed
  • Resolution set to fixed

(In [10916]) Prevents game from running with root permissions with appropriately scary message on Unix-like OSes, based on patch by leper. Fixes #1058.

comment:8 Changed 4 months ago by historic_bruno

  • Keywords review, removed
Note: See TracTickets for help on using tickets.