#1058 closed enhancement (fixed)
[PATCH] Refuse to run as root
Reported by: | Philip Taylor | Owned by: | leper |
---|---|---|---|
Priority: | Nice to Have | Milestone: | Alpha 9 |
Component: | Core engine | Keywords: | simple, patch |
Cc: | Patch: |
Description
Sometimes people try running the game as root (via sudo etc) on Linux. That's terribly insecure, and causes problems if the game tries creating directories like ~/.config/0ad/
in the (non-root) user's home directory while running as root (which I think happens occasionally), because the directory ownership will be wrong.
The game should probably detect on startup that the user is root, and print some error message (saying how it's terribly insecure) and terminate, to stop people doing dangerous things.
Attachments (2)
Change History (10)
by , 13 years ago
Attachment: | unix-no-root-2012-01-09.patch added |
---|
comment:1 by , 13 years ago
Keywords: | review added |
---|---|
Owner: | set to |
Status: | new → assigned |
Summary: | Refuse to run as root → [PATCH] Refuse to run as root |
comment:2 by , 13 years ago
Keywords: | patch added |
---|---|
Resolution: | → fixed |
Status: | assigned → closed |
With the attached patch the game refuses to run as root (or if called with sudo) on unix-like systems and prints an informative message. It is however still runnable as root if it is called with --really-run-as-root
Please review
follow-up: 4 comment:3 by , 13 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
i don't think that i can/should be able to close this ticket or?
comment:4 by , 13 years ago
Replying to leper:
i don't think that i can/should be able to close this ticket or?
It is best to close tickets when it is applied to svn, this normally happens automatically.
follow-up: 6 comment:5 by , 13 years ago
Milestone: | Backlog → Alpha 9 |
---|
Do we need the --really-run-as-root
option? I can't imagine why anyone would want to run the game as root, certainly not an experienced/technologically proficient user. So in that case I'd say simplify the patch and leave that option out :)
comment:6 by , 13 years ago
Replying to historic_bruno:
Do we need the
--really-run-as-root
option? I can't imagine why anyone would want to run the game as root, certainly not an experienced/technologically proficient user. So in that case I'd say simplify the patch and leave that option out :)
Regarding the --really-run-as-root option: I'm always in favor of a solution that gives the user the possibility to decide. But due to the open source nature of 0ad I don't think that it is a problem to remove the code if someone really needs to run 0ad as root
by , 13 years ago
Attachment: | unix-no-root-2012-01-13.patch added |
---|
patch without the --really-run-as-root option; fixed whitespace change in previous version of this patch (same filename)
comment:7 by , 13 years ago
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
comment:8 by , 13 years ago
Keywords: | review removed |
---|
refuse to run as root if not started with --really-run-as-root