cmd/syncthing: Warn when running as a super user (fixes #4123)

UID 0 on Unixes, SYSTEM SID on Windows.

GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/4148
This commit is contained in:
Jakob Borg 2017-05-15 05:42:21 +00:00
parent d25b15263a
commit 1d15b8be9b
3 changed files with 62 additions and 0 deletions

View File

@ -941,6 +941,10 @@ func syncthingMain(runtimeOptions RuntimeOptions) {
}
}
if isSuperUser() {
l.Warnln("Syncthing should not run as a privileged or system user. Please consider using a normal user account.")
}
events.Default.Log(events.StartupComplete, map[string]string{
"myID": myID.String(),
})

View File

@ -0,0 +1,17 @@
// Copyright (C) 2017 The Syncthing Authors.
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
// You can obtain one at https://mozilla.org/MPL/2.0/.
// +build !windows
package main
import (
"os"
)
func isSuperUser() bool {
return os.Geteuid() == 0
}

View File

@ -0,0 +1,41 @@
// Copyright (C) 2017 The Syncthing Authors.
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
// You can obtain one at https://mozilla.org/MPL/2.0/.
package main
import "syscall"
// https://msdn.microsoft.com/en-us/library/windows/desktop/aa379649(v=vs.85).aspx
const securityLocalSystemRID = "S-1-5-18"
func isSuperUser() bool {
tok, err := syscall.OpenCurrentProcessToken()
if err != nil {
l.Debugln("OpenCurrentProcessToken:", err)
return false
}
defer tok.Close()
user, err := tok.GetTokenUser()
if err != nil {
l.Debugln("GetTokenUser:", err)
return false
}
if user.User.Sid == nil {
l.Debugln("sid is nil")
return false
}
sid, err := user.User.Sid.String()
if err != nil {
l.Debugln("Sid.String():", err)
return false
}
l.Debugf("SID: %q", sid)
return sid == securityLocalSystemRID
}