Hi,

On 25.03.2016, at 17:24, Dirk Hohndel <[email protected]> wrote:


improved, with -r. 

Slippery slope warning: There are only 26 lower case letters in the roman alphabet. Use with care!

How about --allow-run-as-root

as you request:

From 9ad100ebe0ca465b56d26659fd8ee8d3e98deed0 Mon Sep 17 00:00:00 2001
From: "Robert C. Helling" <[email protected]>
Date: Fri, 25 Mar 2016 09:21:45 +0100
Subject: [PATCH] Prevent unintentionally running as root
To: [email protected]

Some users try to run Subsurface as root, for example to get around
permission problems with dive computer devices. This is a bad idea
since config files get touched as root and then cannot be read
as a normal user anymore.

This patch allows running as root only with verbose option on. We can
assume if somebody manages to start subsurface as root this happens
from the command line.

For some reason, I couldn't get translation working at this stage.

Windows version is a stub.

Signed-off-by: Robert C. Helling <[email protected]>
---
 subsurface-core/dive.h              | 3 ++-
 subsurface-core/linux.c             | 6 ++++++
 subsurface-core/macos.c             | 5 +++++
 subsurface-core/parse-xml.c         | 2 +-
 subsurface-core/subsurfacestartup.c | 4 ++++
 subsurface-core/windows.c           | 7 +++++++
 subsurface-desktop-main.cpp         | 5 +++++
 7 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/subsurface-core/dive.h b/subsurface-core/dive.h
index d52ef52..204d348 100644
--- a/subsurface-core/dive.h
+++ b/subsurface-core/dive.h
@@ -495,7 +495,7 @@ extern const struct units SI_units, IMPERIAL_units;
 extern struct units xml_parsing_units;
 
 extern struct units *get_units(void);
-extern int run_survey, verbose, quit;
+extern int run_survey, verbose, quit, force_root;
 
 struct dive_table {
        int nr, allocated, preexisting;
@@ -697,6 +697,7 @@ extern struct zip *subsurface_zip_open_readonly(const char 
*path, int flags, int
 extern int subsurface_zip_close(struct zip *zip);
 extern void subsurface_console_init(bool dedicated);
 extern void subsurface_console_exit(void);
+extern bool subsurface_user_is_root(void);
 
 extern void shift_times(const timestamp_t amount);
 extern timestamp_t get_times();
diff --git a/subsurface-core/linux.c b/subsurface-core/linux.c
index a77f378..cf6e057 100644
--- a/subsurface-core/linux.c
+++ b/subsurface-core/linux.c
@@ -225,3 +225,9 @@ void subsurface_console_exit(void)
 {
        /* NOP */
 }
+
+bool subsurface_user_is_root()
+{
+       return (geteuid() == 0);
+}
+
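Review bot: The definition `bool subsurface_user_is_root()` uses an empty parameter list while the prototype added to dive.h is `subsurface_user_is_root(void)`; write `(void)` here too so the definition is itself a prototype and matches the header. `geteuid()` is declared in `<unistd.h>` and this hunk adds no include, so confirm linux.c already pulls it in. Testing the effective UID is the right check for the sudo case the commit message describes. The diffstat counts six added lines for this file, so the blank line after the closing brace is a new trailing empty line at end of file and can be dropped.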
diff --git a/subsurface-core/macos.c b/subsurface-core/macos.c
index 70cfc08..500412c 100644
--- a/subsurface-core/macos.c
+++ b/subsurface-core/macos.c
@@ -211,3 +211,8 @@ void subsurface_console_exit(void)
 {
        /* NOP */
 }
+
+bool subsurface_user_is_root()
+{
+       return (geteuid() == 0);
+}
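Review bot: `subsurface_user_is_root()` here duplicates the linux.c definition line for line. Both are plain POSIX, so a single shared definition would keep the two platforms from drifting apart if the check is ever refined. If the copy stays, the same `(void)` parameter list fix applies.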
diff --git a/subsurface-core/parse-xml.c b/subsurface-core/parse-xml.c
index 17bd69d..e878225 100644
--- a/subsurface-core/parse-xml.c
+++ b/subsurface-core/parse-xml.c
@@ -23,7 +23,7 @@
 #include "device.h"
 #include "membuffer.h"
 
-int verbose, quit;
+int verbose, quit, force_root;
 int metric = 1;
 int last_xml_version = -1;
 int diveid = -1;
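Review bot: `force_root` is defined in the XML parser's translation unit and typed `int`, yet it is only ever incremented once in `parse_argument()` and tested for truth in `main()`. A `bool` defined next to the argument parsing in subsurfacestartup.c would state the intent more clearly; if it stays here to sit beside `verbose` and `quit`, a one-line comment saying what sets it and what reads it would help.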
diff --git a/subsurface-core/subsurfacestartup.c 
b/subsurface-core/subsurfacestartup.c
index 71b2efb..6e0dede 100644
--- a/subsurface-core/subsurfacestartup.c
+++ b/subsurface-core/subsurfacestartup.c
@@ -217,6 +217,10 @@ void parse_argument(const char *arg)
                                run_survey = true;
                                return;
                        }
+                       if (strcmp(arg, "--allow_run_as_root") == 0) {
+                               ++force_root;
+                               return;
+                       }
                        if (strcmp(arg, "--win32console") == 0)
                                return;
                /* fallthrough */
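Review bot: The option is spelled `--allow_run_as_root` with underscores, while the name proposed in the thread above is `--allow-run-as-root`; hyphens are the usual form for long options, and the spelling here has to match the hint printed in subsurface-desktop-main.cpp. The diffstat shows only these four lines added to this file, so the usage/help output does not mention the new option and should. `++force_root` on a flag that is only tested for truth reads better as `force_root = true;`. The commit message still says running as root is allowed "only with verbose option on", which no longer matches this hunk.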
diff --git a/subsurface-core/windows.c b/subsurface-core/windows.c
index a2386fd..a9cca3e 100644
--- a/subsurface-core/windows.c
+++ b/subsurface-core/windows.c
@@ -446,3 +446,10 @@ void subsurface_console_exit(void)
        FreeConsole();
 #endif
 }
+
+bool subsurface_user_is_root()
+{
+       /* FIXME: Detect admin rights */
+       return (false);
+}
+
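Review bot: The Windows stub returns `false` unconditionally, so the guard in `main()` can never fire on that platform. The FIXME should say whether the config-file ownership problem from the commit message applies to an elevated Windows process at all; if it does, the check belongs on the process token's elevation state, and if it does not, replace the FIXME with a comment explaining why `false` is the correct answer. Minor: the parentheses in `return (false);` are unnecessary, the parameter list should be `(void)` to match dive.h, and the trailing blank line at end of file can go.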
diff --git a/subsurface-desktop-main.cpp b/subsurface-desktop-main.cpp
index 2b7bf89..b93b642 100644
--- a/subsurface-desktop-main.cpp
+++ b/subsurface-desktop-main.cpp
@@ -59,6 +59,11 @@ int main(int argc, char **argv)
                        files.push_back(a);
                }
        }
+       if (subsurface_user_is_root() && !force_root) {
+               printf("You are running Subsurface as root. This is not 
recommended.\n");
+               printf("If you insist to do so, run with option 
--allow_run_as_root.\n");
+               exit(0);
+       }
 #if !LIBGIT2_VER_MAJOR && LIBGIT2_VER_MINOR < 22
        git_threads_init();
 #else
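Review bot: The refusal path ends with `exit(0)`, which reports success to the caller even though the program declined to start; use a non-zero status so scripts and launchers can tell. The two messages go to stdout via `printf`; `fprintf(stderr, ...)` is the right channel for a diagnostic, and a user who starts the program as root from a desktop launcher will see neither, which the commit message's command-line assumption glosses over. Wording: "If you insist to do so" should read "If you insist on doing so". The option name printed here must stay in sync with the string compared in `parse_argument()`.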
-- 
2.5.4 (Apple Git-61)


Best
Robert


_______________________________________________
subsurface mailing list
[email protected]
http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface