Upstream
/
Waterfall
mirror of https://github.com/PaperMC/Waterfall.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: Upstream:52bd10a13356ab91a00a8354f299c54d71840dd5
Branches Tags
Upstream:master
Upstream:plugin-messages
Upstream:illegal-packets
Upstream:feature/method-handles
Upstream:downloads
...
compare: Upstream:ec7358e64eb95eae6d34c58e663b10939ceed715
Branches Tags
Upstream:master
Upstream:plugin-messages
Upstream:illegal-packets
Upstream:feature/method-handles
Upstream:downloads

6 Commits
52bd10a133 ... ec7358e64e

Author SHA1 Message Date
Noah van der Aa ec7358e64e
Merge c0264cb36c into 1231b4d27c 2024-05-02 21:51:00 +02:00
Shane Freeder 1231b4d27c
Updated Upstream (BungeeCord) 
Upstream has released updates that appear to apply and compile correctly.
This update has not been tested by PaperMC and as with ANY update, please do your own testing

BungeeCord Changes:
6e175173 #3608, #3676: Close connection if HAProxy 2.0 message is a health check
6335af84 SPIGOT-7638: Library loader does not seem to resolve every dependency
 2024-04-29 14:30:31 +01:00
Noah van der Aa c0264cb36c
Use inferior formatting 2021-10-09 11:20:23 +02:00
Noah van der Aa 8745f0fe3f
Use ProcessBuilder 2021-10-07 19:45:58 +02:00
Noah van der Aa fae9cdb6d8
It's called ignored for a reason 🤦 2021-09-30 18:27:10 +02:00
Noah van der Aa dfe8240ec6
Add root/admin user detection 2021-09-30 18:24:12 +02:00
3 changed files with 81 additions and 4 deletions
Show Stats Expand all files Collapse all files

2
BungeeCord

@ -1 +1 @@
Subproject commit 336333acb1e6140556271545c71f784083559dcc
Subproject commit 6e1751733f6b3dafe824dcd7f00d5ed86572ba37

6
BungeeCord-Patches/0061-Expand-packet-decode-logging-usage.patch
View File

@ -1,14 +1,14 @@
From 76c901d6879fc774867b51da71abb31c10bdc8ab Mon Sep 17 00:00:00 2001
From 46bb2e2fc11e4133b45c1c6af6e1e5d20043f9f1 Mon Sep 17 00:00:00 2001
From: Shane Freeder <theboyetronic@gmail.com>
Date: Sun, 19 Jun 2022 10:31:51 +0100
Subject: [PATCH] Expand packet-decode-logging usage
diff --git a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
index 206f4227..954ffbc9 100644
index 6caf30cd..75e802d2 100644
--- a/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
+++ b/proxy/src/main/java/net/md_5/bungee/netty/HandlerBoss.java
@@ -152,6 +152,14 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
@@ -155,6 +155,14 @@ public class HandlerBoss extends ChannelInboundHandlerAdapter
ProxyServer.getInstance().getLogger().log( Level.WARNING, "{0} - read timed out", handler );
} else if ( cause instanceof DecoderException )
{

77
BungeeCord-Patches/0062-Add-root-admin-user-detection.patch Normal file
View File

@ -0,0 +1,77 @@
From 796d9a15ab5cd8d25a282399aa949588050de081 Mon Sep 17 00:00:00 2001
From: Noah van der Aa <ndvdaa@gmail.com>
Date: Thu, 30 Sep 2021 16:59:18 +0200
Subject: [PATCH] Add root/admin user detection
This patch detects whether or not the server is currently executing as a privileged user and spits out a warning.
The warning serves as a sort-of PSA for newer server admins who don't understand the risks of running as root.
We've seen plenty of bad/malicious plugins hit markets, and there's been a few close-calls with exploits in the past.
Hopefully this helps mitigate some potential damage to servers, even if it is just a warning.
Co-authored-by: egg82 <eggys82@gmail.com>
diff --git a/api/src/main/java/io/github/waterfallmc/waterfall/utils/ServerEnvironment.java b/api/src/main/java/io/github/waterfallmc/waterfall/utils/ServerEnvironment.java
new file mode 100644
index 00000000..ecc6c4c1
--- /dev/null
+++ b/api/src/main/java/io/github/waterfallmc/waterfall/utils/ServerEnvironment.java
@@ -0,0 +1,34 @@
+package io.github.waterfallmc.waterfall.utils;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+public class ServerEnvironment {
+ private static final boolean RUNNING_AS_ROOT_OR_ADMIN;
+
+ static {
+ boolean isWindows = System.getProperty("os.name").startsWith("Windows");
+ boolean isAdmin = false;
+ String[] command = isWindows ? new String[]{"reg", "query", "reg query \"HKU\\S-1-5-19\"" } : new String[]{"id", "-u" };
+
+ try {
+ Process process = new ProcessBuilder(command).start();
+ process.waitFor();
+ if (isWindows) {
+ isAdmin = process.exitValue() == 0;
+ } else {
+ BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
+ String uid = reader.readLine();
+ isAdmin = uid.equals("0");
+ }
+ } catch (InterruptedException | IOException ignored) {
+ }
+
+ RUNNING_AS_ROOT_OR_ADMIN = isAdmin;
+ }
+
+ public static boolean userIsRootOrAdmin() {
+ return RUNNING_AS_ROOT_OR_ADMIN;
+ }
+}
\ No newline at end of file
diff --git a/proxy/src/main/java/net/md_5/bungee/BungeeCord.java b/proxy/src/main/java/net/md_5/bungee/BungeeCord.java
index 07d74c67..d66c5a6c 100644
--- a/proxy/src/main/java/net/md_5/bungee/BungeeCord.java
+++ b/proxy/src/main/java/net/md_5/bungee/BungeeCord.java
@@ -287,6 +287,16 @@ public class BungeeCord extends ProxyServer
isRunning = true;
+ // Waterfall start - detect running as root
+ if ( io.github.waterfallmc.waterfall.utils.ServerEnvironment.userIsRootOrAdmin() ) {
+ getLogger().warning("****************************");
+ getLogger().warning("YOU ARE RUNNING THIS SERVER AS AN ADMINISTRATIVE OR ROOT USER. THIS IS NOT ADVISED.");
+ getLogger().warning("YOU ARE OPENING YOURSELF UP TO POTENTIAL RISKS WHEN DOING THIS.");
+ getLogger().warning("FOR MORE INFORMATION, SEE https://madelinemiller.dev/blog/root-minecraft-server/");
+ getLogger().warning("****************************");
+ }
+ // Waterfall end
+
pluginManager.enablePlugins();
if ( config.getThrottle() > 0 )
--
2.33.0