mirror of
https://github.com/PaperMC/Paper.git
synced 2024-07-20 19:14:46 +02:00
c0936a71bd
Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: 01aa02eb PR-858: Add LivingEntity#playHurtAnimation() 9421320f PR-884: Refinements to new ban API for improved compatibility and correctness 37a60b45 SPIGOT-6455, SPIGOT-7030, PR-750: Improve ban API 4eeb174b All smithing inventories are now the new smithing inventory f2bb168e PR-880: Add methods to get/set FallingBlock CancelDrop e7a807fa PR-879: Add Player#sendHealthUpdate() 692b8e96 SPIGOT-7370: Remove float value conversion in plugin.yml 2d033390 SPIGOT-7403: Add direct API for waxed signs 16a08373 PR-876: Add missing Raider API and 'no action ticks' CraftBukkit Changes: b60a95c8c PR-1189: Add LivingEntity#playHurtAnimation() 95c335c63 PR-1226: Fix VehicleEnterEvent not being called for certain entities 0a0fc3bee PR-1227: Refinements to new ban API for improved compatibility and correctness 0d0b1e5dc Revert bad change to PathfinderGoalSit causing all cats to sit 648196070 SPIGOT-6455, SPIGOT-7030, PR-1054: Improve ban API 31fe848d6 All smithing inventories are now the new smithing inventory 9a919a143 SPIGOT-7416: SmithItemEvent not firing in Smithing Table 9f64f0d22 PR-1221: Add methods to get/set FallingBlock CancelDrop 3be9ac171 PR-1220: Add Player#sendHealthUpdate() c1279f775 PR-1209: Clean up various patches c432e4397 Fix Raider#setCelebrating() implementation 504d96665 SPIGOT-7403: Add direct API for waxed signs c68c1f1b3 PR-1216: Add missing Raider API and 'no action ticks' 85b89c3dd Increase outdated build delay Spigot Changes: 9ebce8af Rebuild patches 64b565e6 Rebuild patches
80 lines
4.1 KiB
Diff
80 lines
4.1 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: egg82 <eggys82@gmail.com>
|
|
Date: Sat, 11 Sep 2021 22:55:14 +0200
|
|
Subject: [PATCH] Add root/admin user detection
|
|
|
|
This patch detects whether or not the server is currently executing as a privileged user and spits out a warning.
|
|
The warning serves as a sort-of PSA for newer server admins who don't understand the risks of running as root.
|
|
We've seen plenty of bad/malicious plugins hit markets, and there's been a few close-calls with exploits in the past.
|
|
Hopefully this helps mitigate some potential damage to servers, even if it is just a warning.
|
|
|
|
Co-authored-by: Noah van der Aa <ndvdaa@gmail.com>
|
|
|
|
diff --git a/src/main/java/io/papermc/paper/util/ServerEnvironment.java b/src/main/java/io/papermc/paper/util/ServerEnvironment.java
|
|
new file mode 100644
|
|
index 0000000000000000000000000000000000000000..6bd0afddbcc461149dfe9a5c7a86fff6ea13a5f1
|
|
--- /dev/null
|
|
+++ b/src/main/java/io/papermc/paper/util/ServerEnvironment.java
|
|
@@ -0,0 +1,40 @@
|
|
+package io.papermc.paper.util;
|
|
+
|
|
+import com.sun.security.auth.module.NTSystem;
|
|
+import com.sun.security.auth.module.UnixSystem;
|
|
+import org.apache.commons.lang.SystemUtils;
|
|
+
|
|
+import java.io.IOException;
|
|
+import java.io.InputStream;
|
|
+import java.util.Set;
|
|
+
|
|
+public class ServerEnvironment {
|
|
+ private static final boolean RUNNING_AS_ROOT_OR_ADMIN;
|
|
+ private static final String WINDOWS_HIGH_INTEGRITY_LEVEL = "S-1-16-12288";
|
|
+
|
|
+ static {
|
|
+ if (SystemUtils.IS_OS_WINDOWS) {
|
|
+ RUNNING_AS_ROOT_OR_ADMIN = Set.of(new NTSystem().getGroupIDs()).contains(WINDOWS_HIGH_INTEGRITY_LEVEL);
|
|
+ } else {
|
|
+ boolean isRunningAsRoot = false;
|
|
+ if (new UnixSystem().getUid() == 0) {
|
|
+ // Due to an OpenJDK bug (https://bugs.openjdk.java.net/browse/JDK-8274721), UnixSystem#getUid incorrectly
|
|
+ // returns 0 when the user doesn't have a username. Because of this, we'll have to double-check if the user ID is
|
|
+ // actually 0 by running the id -u command.
|
|
+ try {
|
|
+ Process process = new ProcessBuilder("id", "-u").start();
|
|
+ process.waitFor();
|
|
+ InputStream inputStream = process.getInputStream();
|
|
+ isRunningAsRoot = new String(inputStream.readAllBytes()).trim().equals("0");
|
|
+ } catch (InterruptedException | IOException ignored) {
|
|
+ isRunningAsRoot = false;
|
|
+ }
|
|
+ }
|
|
+ RUNNING_AS_ROOT_OR_ADMIN = isRunningAsRoot;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ public static boolean userIsRootOrAdmin() {
|
|
+ return RUNNING_AS_ROOT_OR_ADMIN;
|
|
+ }
|
|
+}
|
|
diff --git a/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java b/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java
|
|
index 1fbe7a58707ddd40f80d71e3703ff3fefff672f4..9a45921cbb1e7a39e6ef46cc93c14766ee8229ad 100644
|
|
--- a/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java
|
|
+++ b/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java
|
|
@@ -179,6 +179,16 @@ public class DedicatedServer extends MinecraftServer implements ServerInterface
|
|
DedicatedServer.LOGGER.warn("To start the server with more ram, launch it as \"java -Xmx1024M -Xms1024M -jar minecraft_server.jar\"");
|
|
}
|
|
|
|
+ // Paper start - detect running as root
|
|
+ if (io.papermc.paper.util.ServerEnvironment.userIsRootOrAdmin()) {
|
|
+ DedicatedServer.LOGGER.warn("****************************");
|
|
+ DedicatedServer.LOGGER.warn("YOU ARE RUNNING THIS SERVER AS AN ADMINISTRATIVE OR ROOT USER. THIS IS NOT ADVISED.");
|
|
+ DedicatedServer.LOGGER.warn("YOU ARE OPENING YOURSELF UP TO POTENTIAL RISKS WHEN DOING THIS.");
|
|
+ DedicatedServer.LOGGER.warn("FOR MORE INFORMATION, SEE https://madelinemiller.dev/blog/root-minecraft-server/");
|
|
+ DedicatedServer.LOGGER.warn("****************************");
|
|
+ }
|
|
+ // Paper end
|
|
+
|
|
DedicatedServer.LOGGER.info("Loading properties");
|
|
DedicatedServerProperties dedicatedserverproperties = this.settings.getProperties();
|
|
|