Prevent unintentionally running as root

Some users try to run Subsurface as root, for example to get around
permission problems with dive computer devices. This is a bad idea
since config files get touched as root and then cannot be read
as a normal user anymore.

This patch allows running as root only with verbose option on. We can
assume if somebody manages to start subsurface as root this happens
from the command line.

For some reason, I couldn't get translation working at this stage.

Windows version is a stub.

Signed-off-by: Robert C. Helling <helling@atdotde.de>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
Robert C. Helling 2016-03-25 09:21:45 +01:00 committed by Dirk Hohndel
parent d99c931219
commit e216f91ebc
7 changed files with 28 additions and 2 deletions


@ -495,7 +495,7 @@ extern const struct units SI_units, IMPERIAL_units;
extern struct units xml_parsing_units; extern struct units xml_parsing_units;
extern struct units *get_units(void); extern struct units *get_units(void);
extern int run_survey, verbose, quit; extern int run_survey, verbose, quit, force_root;
struct dive_table { struct dive_table {
int nr, allocated, preexisting; int nr, allocated, preexisting;
@ -697,6 +697,7 @@ extern struct zip *subsurface_zip_open_readonly(const char *path, int flags, int
extern int subsurface_zip_close(struct zip *zip); extern int subsurface_zip_close(struct zip *zip);
extern void subsurface_console_init(bool dedicated); extern void subsurface_console_init(bool dedicated);
extern void subsurface_console_exit(void); extern void subsurface_console_exit(void);
extern bool subsurface_user_is_root(void);
extern void shift_times(const timestamp_t amount); extern void shift_times(const timestamp_t amount);
extern timestamp_t get_times(); extern timestamp_t get_times();


@ -225,3 +225,8 @@ void subsurface_console_exit(void)
{ {
/* NOP */ /* NOP */
} }
bool subsurface_user_is_root()
{
return (geteuid() == 0);
}
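Review bot: The definition is written `bool subsurface_user_is_root()` while the prototype this commit adds to the header is `subsurface_user_is_root(void)`; in C an empty parameter list is not a prototype, so the definition should read `bool subsurface_user_is_root(void)`. The same applies to the identical definition in the next file section and to the Windows stub. A short comment would also help, for example `/* true when the effective uid is 0, which covers sudo and setuid-root starts */`. geteuid() needs `<unistd.h>`; the include list is outside this hunk, so confirm it is present.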


@ -211,3 +211,8 @@ void subsurface_console_exit(void)
{ {
/* NOP */ /* NOP */
} }
bool subsurface_user_is_root()
{
return (geteuid() == 0);
}


@ -23,7 +23,7 @@
#include "device.h" #include "device.h"
#include "membuffer.h" #include "membuffer.h"
int verbose, quit; int verbose, quit, force_root;
int metric = 1; int metric = 1;
int last_xml_version = -1; int last_xml_version = -1;
int diveid = -1; int diveid = -1;


@ -217,6 +217,10 @@ void parse_argument(const char *arg)
run_survey = true; run_survey = true;
return; return;
} }
if (strcmp(arg, "--allow_run_as_root") == 0) {
++force_root;
return;
}
if (strcmp(arg, "--win32console") == 0) if (strcmp(arg, "--win32console") == 0)
return; return;
/* fallthrough */ /* fallthrough */
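Review bot: `--allow_run_as_root` is accepted here, but none of the seven files touched by this commit adds it to a usage or help text, so the refusal message in main() is the only place a user learns of it. If this file has a help routine (parse_argument's surroundings are outside the hunk), the option should be listed there with a short statement of what it overrides. `++force_root;` also reads as a counter although the flag is only tested for non-zero; `force_root = 1;` states the intent.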


@ -446,3 +446,9 @@ void subsurface_console_exit(void)
FreeConsole(); FreeConsole();
#endif #endif
} }
bool subsurface_user_is_root()
{
/* FIXME: Detect admin rights */
return (false);
}


@ -59,6 +59,11 @@ int main(int argc, char **argv)
files.push_back(a); files.push_back(a);
} }
} }
if (subsurface_user_is_root() && !force_root) {
printf("You are running Subsurface as root. This is not recommended.\n");
printf("If you insist to do so, run with option --allow_run_as_root.\n");
exit(0);
}
#if !LIBGIT2_VER_MAJOR && LIBGIT2_VER_MINOR < 22 #if !LIBGIT2_VER_MAJOR && LIBGIT2_VER_MINOR < 22
git_threads_init(); git_threads_init();
#else #else
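Review bot: The refusal path ends with `exit(0)`, so a wrapper script or desktop launcher sees a successful run even though Subsurface declined to start; return a failure status with `exit(EXIT_FAILURE);`. The two messages are diagnostics and belong on stderr, e.g. `fprintf(stderr, "You are running Subsurface as root. This is not recommended.\n");`. The guard sits after argument handling, and the start of main() is outside this hunk, so it is worth confirming that nothing earlier has already created or written settings files as root, since that is what the check is meant to prevent.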