13
0
geforkt von Mirrors/Paper

Un-jankify root user detection

Dieser Commit ist enthalten in:
Noah van der Aa 2024-04-25 19:13:12 +02:00
Ursprung bab31b6f55
Commit f4c7639986
Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
GPG-Schlüssel-ID: 547D90BC6FF753CF
2 geänderte Dateien mit 6 neuen und 23 gelöschten Zeilen

Datei anzeigen

@ -12,19 +12,16 @@ Co-authored-by: Noah van der Aa <ndvdaa@gmail.com>
diff --git a/src/main/java/io/papermc/paper/util/ServerEnvironment.java b/src/main/java/io/papermc/paper/util/ServerEnvironment.java diff --git a/src/main/java/io/papermc/paper/util/ServerEnvironment.java b/src/main/java/io/papermc/paper/util/ServerEnvironment.java
new file mode 100644 new file mode 100644
index 0000000000000000000000000000000000000000..6bd0afddbcc461149dfe9a5c7a86fff6ea13a5f1 index 0000000000000000000000000000000000000000..68098dfe716e93aafcca4d8d5b5a81d8648b3654
--- /dev/null --- /dev/null
+++ b/src/main/java/io/papermc/paper/util/ServerEnvironment.java +++ b/src/main/java/io/papermc/paper/util/ServerEnvironment.java
@@ -0,0 +1,40 @@ @@ -0,0 +1,23 @@
+package io.papermc.paper.util; +package io.papermc.paper.util;
+ +
+import com.sun.security.auth.module.NTSystem; +import com.sun.security.auth.module.NTSystem;
+import com.sun.security.auth.module.UnixSystem; +import com.sun.security.auth.module.UnixSystem;
+import org.apache.commons.lang.SystemUtils;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Set; +import java.util.Set;
+import org.apache.commons.lang.SystemUtils;
+ +
+public class ServerEnvironment { +public class ServerEnvironment {
+ private static final boolean RUNNING_AS_ROOT_OR_ADMIN; + private static final boolean RUNNING_AS_ROOT_OR_ADMIN;
@ -34,21 +31,7 @@ index 0000000000000000000000000000000000000000..6bd0afddbcc461149dfe9a5c7a86fff6
+ if (SystemUtils.IS_OS_WINDOWS) { + if (SystemUtils.IS_OS_WINDOWS) {
+ RUNNING_AS_ROOT_OR_ADMIN = Set.of(new NTSystem().getGroupIDs()).contains(WINDOWS_HIGH_INTEGRITY_LEVEL); + RUNNING_AS_ROOT_OR_ADMIN = Set.of(new NTSystem().getGroupIDs()).contains(WINDOWS_HIGH_INTEGRITY_LEVEL);
+ } else { + } else {
+ boolean isRunningAsRoot = false; + RUNNING_AS_ROOT_OR_ADMIN = new UnixSystem().getUid() == 0;
+ if (new UnixSystem().getUid() == 0) {
+ // Due to an OpenJDK bug (https://bugs.openjdk.java.net/browse/JDK-8274721), UnixSystem#getUid incorrectly
+ // returns 0 when the user doesn't have a username. Because of this, we'll have to double-check if the user ID is
+ // actually 0 by running the id -u command.
+ try {
+ Process process = new ProcessBuilder("id", "-u").start();
+ process.waitFor();
+ InputStream inputStream = process.getInputStream();
+ isRunningAsRoot = new String(inputStream.readAllBytes()).trim().equals("0");
+ } catch (InterruptedException | IOException ignored) {
+ isRunningAsRoot = false;
+ }
+ }
+ RUNNING_AS_ROOT_OR_ADMIN = isRunningAsRoot;
+ } + }
+ } + }
+ +

Datei anzeigen

@ -8,10 +8,10 @@ This patch detects the missing dependency and stops the server with a clear erro
containing a link to instructions on how to install a non-headless JRE. containing a link to instructions on how to install a non-headless JRE.
diff --git a/src/main/java/io/papermc/paper/util/ServerEnvironment.java b/src/main/java/io/papermc/paper/util/ServerEnvironment.java diff --git a/src/main/java/io/papermc/paper/util/ServerEnvironment.java b/src/main/java/io/papermc/paper/util/ServerEnvironment.java
index 6bd0afddbcc461149dfe9a5c7a86fff6ea13a5f1..148d233f4f5278ff39eacdaa0f4f0e7d73be936a 100644 index 68098dfe716e93aafcca4d8d5b5a81d8648b3654..2b7070e0cefa7cf0777df159693750fea14e800b 100644
--- a/src/main/java/io/papermc/paper/util/ServerEnvironment.java --- a/src/main/java/io/papermc/paper/util/ServerEnvironment.java
+++ b/src/main/java/io/papermc/paper/util/ServerEnvironment.java +++ b/src/main/java/io/papermc/paper/util/ServerEnvironment.java
@@ -37,4 +37,14 @@ public class ServerEnvironment { @@ -20,4 +20,14 @@ public class ServerEnvironment {
public static boolean userIsRootOrAdmin() { public static boolean userIsRootOrAdmin() {
return RUNNING_AS_ROOT_OR_ADMIN; return RUNNING_AS_ROOT_OR_ADMIN;
} }