From cca9b1fca7ef9ec395db1d1b5490783e168bbdf2 Mon Sep 17 00:00:00 2001
From: egg82
Date: Tue, 18 Feb 2020 21:10:42 -0700
Subject: [PATCH] Add root/admin user detection (#2432)

This patch detects whether or not the server is currently executing as a privileged user and spits out a warning. The warning serves as a sort-of PSA for newer server admins who don't understand the risks of running as root. We've seen plenty of bad/malicious plugins hit markets, and there's been a few close-calls with exploits in the past. Hopefully this helps mitigate some potential damage to servers, even if it is just a warning.
---
.../Add-root-admin-user-detection.patch | 84 +++++++++++++++++++
1 file changed, 84 insertions(+)
create mode 100644 Spigot-Server-Patches/Add-root-admin-user-detection.patch
diff --git a/Spigot-Server-Patches/Add-root-admin-user-detection.patch b/Spigot-Server-Patches/Add-root-admin-user-detection.patch
new file mode 100644
index 000000000..1784cd792
--- /dev/null
+++ b/Spigot-Server-Patches/Add-root-admin-user-detection.patch
@@ -0,0 +1,84 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: egg82
+Date: Thu, 8 Aug 2019 14:12:48 -0600
+Subject: [PATCH] Add root/admin user detection
+
+This patch detects whether or not the server is currently executing as a privileged user and spits out a warning.
+The warning serves as a sort-of PSA for newer server admins who don't understand the risks of running as root.
+We've seen plenty of bad/malicious plugins hit markets, and there's been a few close-calls with exploits in the past.
+Hopefully this helps mitigate some potential damage to servers, even if it is just a warning.
+
+diff --git a/src/main/java/com/destroystokyo/paper/util/ServerEnvironment.java b/src/main/java/com/destroystokyo/paper/util/ServerEnvironment.java
+new file mode 100644
+index 000000000..76bfae177
+--- /dev/null
++++ b/src/main/java/com/destroystokyo/paper/util/ServerEnvironment.java
+@@ -0,0 +0,0 @@
++package com.destroystokyo.paper.util;
++
++import java.io.OutputStream;
++import java.io.PrintStream;
++import java.util.prefs.Preferences;
++
++public class ServerEnvironment {
++ private static final boolean runningAsRootOrAdmin;
++
++ static {
++ // https://stackoverflow.com/a/23538961
++ Preferences prefs = Preferences.systemRoot();
++ PrintStream err = System.err;
++ PrintStream emptyStream = new PrintStream(new OutputStream() {
++ @Override
++ public void write(int b) { }
++ });
++
++ System.err.flush();
++ System.setErr(emptyStream);
++
++ boolean retVal;
++ try {
++ prefs.put("papermc.priv_test", "This is a test performed by the Paper Minecraft server software."); // SecurityException
++ prefs.remove("papermc.priv_test");
++ prefs.flush(); // BackingStoreException
++ retVal = true;
++ } catch (Exception ignored) { // Windows = SecurityException, Linux = BackingStoreException
++ retVal = false;
++ }
++ runningAsRootOrAdmin = retVal;
++
++ System.err.flush();
++ System.setErr(err);
++ }
++
++ public static boolean userIsRootOrAdmin() {
return runningAsRootOrAdmin; }
++}
+diff --git a/src/main/java/org/bukkit/craftbukkit/Main.java b/src/main/java/org/bukkit/craftbukkit/Main.java
+index af05f3c1e..2a0273074 100644
+--- a/src/main/java/org/bukkit/craftbukkit/Main.java
++++ b/src/main/java/org/bukkit/craftbukkit/Main.java
+@@ -0,0 +0,0 @@
+ package org.bukkit.craftbukkit;
+
++import com.destroystokyo.paper.util.ServerEnvironment; // Paper
+ import java.io.File;
+ import java.io.IOException;
+ import java.text.SimpleDateFormat;
+@@ -0,0 +0,0 @@ public class Main {
+ System.setProperty(TerminalConsoleAppender.JLINE_OVERRIDE_PROPERTY, "false"); // Paper
+ }
+
++ // Paper start - detect running as root
++ if (ServerEnvironment.userIsRootOrAdmin()) {
++ System.err.println("****************************");
++ System.err.println("YOU ARE RUNNING AS AN ADMINISTRATIVE OR ROOT USER. THIS IS NOT ADVISED.");
++ System.err.println("YOU ARE OPENING YOURSELF UP TO POTENTIAL RISKS WHEN DOING THIS.");
++ System.err.println("MALWARE, BAD PLUGINS, AND ATTACKERS WILL HAVE COMPLETE ACCESS AND CONTROL OF YOUR MACHINE.");
++ System.err.println("****************************");
++ System.err.println();
++ }
++ // Paper end
++
+ if (Main.class.getPackage().getImplementationVendor() != null && System.getProperty("IReallyKnowWhatIAmDoingISwear") == null) {
+ Date buildDate = new SimpleDateFormat("yyyyMMdd-HHmm").parse(Main.class.getPackage().getImplementationVendor());
+
+--
\ No newline at end of file
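Review bot: The static initializer of `ServerEnvironment` restores `System.err` only on the normal path, so anything thrown past `catch (Exception ignored)` (an `Error` from the preferences backend, for example) would leave the whole process writing errors to the empty stream, including the root warning that the `Main.java` hunk prints. Put the restore in a finally block, `} finally { System.err.flush(); System.setErr(err); }`, and keep `runningAsRootOrAdmin = retVal;` after it. `Preferences.systemRoot()` also sits outside the try, so a failure there would presumably fail class initialization and surface in `Main` at startup; moving it inside the try would make the check fail closed to `false`. The class has no Javadoc: it should say that the result is a heuristic (write access to the system preferences store, not a uid or group check, so it can report either way on unusual hosts) and that the probe writes and removes a real key on the machine.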