Merge branch 'no_root' into 'main'
arti: Do not allow running as root. See merge request tpo/core/arti!688
@ -46,6 +46,7 @@ derive_builder = { version = "0.11", package = "derive_builder_fork_arti" }
|
|||
educe = "0.4.6"
|
||||
fs-mistrust = { path = "../fs-mistrust", version = "0.4.0" }
|
||||
futures = "0.3.14"
|
||||
libc = "0.2"
|
||||
notify = "4.0"
|
||||
once_cell = { version = "1", optional = true }
|
||||
rlimit = "0.8.3"
|
||||
|
|
|
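Review bot: If `libc = "0.2"` is the line this hunk adds (the only new use of it in this commit is the `geteuid()` call behind `#[cfg(target_family = "unix")]` in process.rs), it is declared as an unconditional dependency, so every non-Unix build downloads and compiles a crate it never calls. Declaring it as `[target.'cfg(unix)'.dependencies] libc = "0.2"` keeps the dependency surface to the platforms that actually need it. Which of the seven listed lines is the new one cannot be told from the rendered hunk; the header only says one line was added.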
@ -20,6 +20,12 @@
|
|||
#
|
||||
#permit_debugging = false
|
||||
|
||||
# If true, then we allow Arti to start even if the current user is root.
|
||||
#
|
||||
# (By default, we exit if we are running as root, since this is usually a
|
||||
# mistake.)
|
||||
#allow_running_as_root = false
|
||||
|
||||
# Set up the Arti program to run as a proxy.
|
||||
[proxy]
|
||||
# Default port to use when listening to SOCKS connections. We always
|
||||
|
|
|
@ -61,6 +61,12 @@ pub struct ApplicationConfig {
|
|||
/// whether this option is set or not.
|
||||
#[builder(default)]
|
||||
pub(crate) permit_debugging: bool,
|
||||
|
||||
/// If true, then we do not exit when we are running as `root`.
|
||||
///
|
||||
/// This has no effect on Windows.
|
||||
#[builder(default)]
|
||||
pub(crate) allow_running_as_root: bool,
|
||||
}
|
||||
impl_standard_builder! { ApplicationConfig }
|
||||
|
||||
|
|
|
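Review bot: The doc comment on `allow_running_as_root` says the option "has no effect on Windows", but the check it controls (in process.rs) is compiled only for `target_family = "unix"`, so it is a no-op on every non-Unix target, not just Windows; `/// This has no effect on non-Unix targets (including Windows).` matches the code. It would also help operators to say what the check actually is, since only the effective UID is consulted and Linux capabilities are not considered: `/// The check looks only at the effective UID and is a sanity check, not a security boundary.` The surrounding `ApplicationConfig` struct begins above this hunk.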
@ -493,6 +493,10 @@ where
|
|||
matches.value_of("loglevel"),
|
||||
)?;
|
||||
|
||||
if !config.application().allow_running_as_root {
|
||||
process::exit_if_root();
|
||||
}
|
||||
|
||||
#[cfg(feature = "harden")]
|
||||
if !config.application().permit_debugging {
|
||||
if let Err(e) = process::enable_process_hardening() {
|
||||
|
|
|
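Review bot: `process::exit_if_root()` on the added lines terminates the process from inside this function rather than returning through the `?` error path used just above it, so whatever the caller does on a startup failure is bypassed, and any guard whose `Drop` flushes a log writer (if the logging set up above uses one — not visible here) never runs, so the error message itself may be lost. Having `exit_if_root` return `anyhow::Result<()>` and writing `process::exit_if_root()?;` here would report this like any other startup failure. The root check also runs only after the configuration has parsed successfully, which is reasonable but means a root user with a broken config sees the config error first. The enclosing function starts and ends outside this hunk.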
@ -1,5 +1,7 @@
|
|||
//! Code to adjust process-related parameters.
|
||||
|
||||
use tracing::error;
|
||||
|
||||
use crate::ArtiConfig;
|
||||
|
||||
/// Set our current maximum-file limit to a large value, if we can.
|
||||
|
@ -49,3 +51,27 @@ pub(crate) fn enable_process_hardening() -> anyhow::Result<()> {
|
|||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Check that we are not running as "root".
|
||||
///
|
||||
/// If we are, give an error message, and exit.
|
||||
pub(crate) fn exit_if_root() {
|
||||
if running_as_root() {
|
||||
error!(
|
||||
"You are running Arti as root. You don't need to, and \
|
||||
you probably shouldn't. \
|
||||
To run as root anyway, set application.allow_running_as_root."
|
||||
);
|
||||
std::process::exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
/// Return true if we seem to be running as root.
|
||||
fn running_as_root() -> bool {
|
||||
#[cfg(target_family = "unix")]
|
||||
unsafe {
|
||||
libc::geteuid() == 0
|
||||
}
|
||||
#[cfg(not(target_family = "unix"))]
|
||||
false
|
||||
}
|
||||
|
|
|
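Review bot: `running_as_root` tests only `geteuid()`, so a process whose real UID is 0 but which has lowered its effective UID (for example via `seteuid`) passes the check even though it can regain root at will; testing both IDs closes that gap at no cost. The `unsafe` block around the libc call has no `// SAFETY:` comment, and both `getuid()` and `geteuid()` take no arguments and have no failure mode, which is worth stating. Linux capabilities can confer root-equivalent power with a non-zero UID, so the doc comment should say this is a sanity check rather than a security boundary, so nobody later relies on it as one. Separately, `exit_if_root` calls `std::process::exit(1)` right after `error!`, which skips destructors; if the tracing subscriber uses a non-blocking writer the message may never be flushed (cannot be confirmed from this hunk).
```rust
/// Return true if we seem to be running as root.
///
/// Both the real and the effective UID are consulted. This is a sanity
/// check, not a security boundary: capabilities can grant root-equivalent
/// power to a process whose UID is not 0.
fn running_as_root() -> bool {
    #[cfg(target_family = "unix")]
    {
        // SAFETY: getuid() and geteuid() take no arguments, cannot fail,
        // and do not touch any memory we own.
        let (ruid, euid) = unsafe { (libc::getuid(), libc::geteuid()) };
        ruid == 0 || euid == 0
    }
    #[cfg(not(target_family = "unix"))]
    false
}
```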
@ -80,6 +80,13 @@ if [ "$PROXY" = "no" ] ; then
|
|||
exit 0
|
||||
fi
|
||||
|
||||
ARTI_FLAGS=()
|
||||
if [ "$(id -u)" = "0" ] ; then
|
||||
# If we are root, then we're probably running from CI. Tell Arti
|
||||
# that's okay.
|
||||
ARTI_FLAGS+=("-o" "application.allow_running_as_root=true")
|
||||
fi
|
||||
|
||||
if [ -x ./target/x86_64-unknown-linux-gnu/debug/arti ]; then
|
||||
cmd=./target/x86_64-unknown-linux-gnu/debug/arti
|
||||
else
|
||||
|
@ -89,7 +96,8 @@ fi
|
|||
|
||||
(
|
||||
set +e
|
||||
"$cmd" proxy -c "${CHUTNEY_PATH}/net/nodes/arti.toml" -d 35353 &
|
||||
"$cmd" proxy -c "${CHUTNEY_PATH}/net/nodes/arti.toml" -d 35353 \
|
||||
"${ARTI_FLAGS[@]}" &
|
||||
pid=$!
|
||||
echo "pid=$pid" >> tests/chutney/arti.run
|
||||
wait "$pid"
|
||||
|
|
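Review bot: `"${ARTI_FLAGS[@]}"` on the new invocation line expands an array that is empty whenever the script is not run as root, and on bash older than 4.4 an empty array expanded under `set -u` is an "unbound variable" error that kills the launch (whether `set -u` is enabled cannot be told from these hunks). The portable spelling is `${ARTI_FLAGS[@]+"${ARTI_FLAGS[@]}"}`, which expands to nothing when the array is empty on every bash version. The rendered page shows the `"$cmd" proxy` line twice, old then new; only the second one is the code under review.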