SteamWar/Paper-Old
Archiviert
13
0
Fork 0
Code Issues Pull-Requests Projekte Releases Wiki Aktivität
Dieses Repository wurde am 2024-12-25 archiviert. Du kannst Dateien ansehen und es klonen, aber nicht pushen oder Issues/Pull-Requests öffnen.
33bec7f20a
Paper-Old/patches/server/0725-Add-root-admin-user-detection.patch
Noah van der Aa b8edb0e130
Updated Upstream (Bukkit/CraftBukkit/Spigot) (#9648) 
Upstream has released updates that appear to apply and compile correctly.
This update has not been tested by PaperMC and as with ANY update, please do your own testing

Bukkit Changes:
6b34da8f SPIGOT-7467: Add getAddress to RemoteConsoleCommandSender

CraftBukkit Changes:
db4ba2897 SPIGOT-7467: Add getAddress to RemoteConsoleCommandSender
4f7ff4dec PR-1246: Add missing AbstractTestingBase to tests which need them
f70a7b68d SPIGOT-7465, MC-264979: Fresh installations print NoSuchFileException for server.properties
8ef7afef6 PR-1240: Call BlockGrowEvent for vines that are growing on additional sides of an existing vine block

Spigot Changes:
d2eba2c8 Rebuild patches
2023-08-28 13:05:48 +02:00

80 Zeilen
4.1 KiB
Diff
Originalformat Blame Verlauf

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: egg82 <eggys82@gmail.com>
Date: Sat, 11 Sep 2021 22:55:14 +0200
Subject: [PATCH] Add root/admin user detection
This patch detects whether or not the server is currently executing as a privileged user and spits out a warning.
The warning serves as a sort-of PSA for newer server admins who don't understand the risks of running as root.
We've seen plenty of bad/malicious plugins hit markets, and there's been a few close-calls with exploits in the past.
Hopefully this helps mitigate some potential damage to servers, even if it is just a warning.
Co-authored-by: Noah van der Aa <ndvdaa@gmail.com>
diff --git a/src/main/java/io/papermc/paper/util/ServerEnvironment.java b/src/main/java/io/papermc/paper/util/ServerEnvironment.java
new file mode 100644
index 0000000000000000000000000000000000000000..6bd0afddbcc461149dfe9a5c7a86fff6ea13a5f1
--- /dev/null
+++ b/src/main/java/io/papermc/paper/util/ServerEnvironment.java
@@ -0,0 +1,40 @@
+package io.papermc.paper.util;
+
+import com.sun.security.auth.module.NTSystem;
+import com.sun.security.auth.module.UnixSystem;
+import org.apache.commons.lang.SystemUtils;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Set;
+
+public class ServerEnvironment {
+ private static final boolean RUNNING_AS_ROOT_OR_ADMIN;
+ private static final String WINDOWS_HIGH_INTEGRITY_LEVEL = "S-1-16-12288";
+
+ static {
+ if (SystemUtils.IS_OS_WINDOWS) {
+ RUNNING_AS_ROOT_OR_ADMIN = Set.of(new NTSystem().getGroupIDs()).contains(WINDOWS_HIGH_INTEGRITY_LEVEL);
+ } else {
+ boolean isRunningAsRoot = false;
+ if (new UnixSystem().getUid() == 0) {
+ // Due to an OpenJDK bug (https://bugs.openjdk.java.net/browse/JDK-8274721), UnixSystem#getUid incorrectly
+ // returns 0 when the user doesn't have a username. Because of this, we'll have to double-check if the user ID is
+ // actually 0 by running the id -u command.
+ try {
+ Process process = new ProcessBuilder("id", "-u").start();
+ process.waitFor();
+ InputStream inputStream = process.getInputStream();
+ isRunningAsRoot = new String(inputStream.readAllBytes()).trim().equals("0");
+ } catch (InterruptedException | IOException ignored) {
+ isRunningAsRoot = false;
+ }
+ }
+ RUNNING_AS_ROOT_OR_ADMIN = isRunningAsRoot;
+ }
+ }
+
+ public static boolean userIsRootOrAdmin() {
+ return RUNNING_AS_ROOT_OR_ADMIN;
+ }
+}
diff --git a/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java b/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java
index e2c55689e881a14e457bc21ac42cf126f7af56f2..ad3b5a3b1f63b151d9215584152435cd56e6b622 100644
--- a/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java
+++ b/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java
@@ -179,6 +179,16 @@ public class DedicatedServer extends MinecraftServer implements ServerInterface
DedicatedServer.LOGGER.warn("To start the server with more ram, launch it as \"java -Xmx1024M -Xms1024M -jar minecraft_server.jar\"");
}
+ // Paper start - detect running as root
+ if (io.papermc.paper.util.ServerEnvironment.userIsRootOrAdmin()) {
+ DedicatedServer.LOGGER.warn("****************************");
+ DedicatedServer.LOGGER.warn("YOU ARE RUNNING THIS SERVER AS AN ADMINISTRATIVE OR ROOT USER. THIS IS NOT ADVISED.");
+ DedicatedServer.LOGGER.warn("YOU ARE OPENING YOURSELF UP TO POTENTIAL RISKS WHEN DOING THIS.");
+ DedicatedServer.LOGGER.warn("FOR MORE INFORMATION, SEE https://madelinemiller.dev/blog/root-minecraft-server/");
+ DedicatedServer.LOGGER.warn("****************************");
+ }
+ // Paper end
+
DedicatedServer.LOGGER.info("Loading properties");
DedicatedServerProperties dedicatedserverproperties = this.settings.getProperties();
In neuem Issue referenzieren Git Blame ansehen Permalink kopieren