SteamWar/Paper
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add root/admin user detection

Browse Source 
This patch detects whether or not the server is currently executing as a privileged user and spits out a warning.
The warning serves as a sort-of PSA for newer server admins who don't understand the risks of running as root.
We've seen plenty of bad/malicious plugins hit markets, and there's been a few close-calls with exploits in the past.
Hopefully this helps mitigate some potential damage to servers, even if it is just a warning.

Co-authored-by: Noah van der Aa <ndvdaa@gmail.com>
This commit is contained in:
egg82
2021-09-11 22:55:14 +02:00
parent 987d596834
commit 61353ac496
2 changed files with 52 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
paper-server/src/main/java/io/papermc/paper/util/ServerEnvironment.java Normal file
View File

@@ -0,0 +1,23 @@
package io.papermc.paper.util;
import com.sun.security.auth.module.NTSystem;
import com.sun.security.auth.module.UnixSystem;
import java.util.Set;
import org.apache.commons.lang.SystemUtils;
public class ServerEnvironment {
private static final boolean RUNNING_AS_ROOT_OR_ADMIN;
private static final String WINDOWS_HIGH_INTEGRITY_LEVEL = "S-1-16-12288";
static {
if (SystemUtils.IS_OS_WINDOWS) {
RUNNING_AS_ROOT_OR_ADMIN = Set.of(new NTSystem().getGroupIDs()).contains(WINDOWS_HIGH_INTEGRITY_LEVEL);
} else {
RUNNING_AS_ROOT_OR_ADMIN = new UnixSystem().getUid() == 0;
}
}
public static boolean userIsRootOrAdmin() {
return RUNNING_AS_ROOT_OR_ADMIN;
}
}