Update of /cvsroot/agd/server/src
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv31932/src
Modified Files:
compile_options.h main.c sys.c
Log Message:
Disallowed running AGD as root; Added exit value 5 as configuration error
Index: sys.c
===================================================================
RCS file: /cvsroot/agd/server/src/sys.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- sys.c 21 Mar 2004 10:34:47 -0000 1.10
+++ sys.c 21 Mar 2004 13:43:50 -0000 1.11
@@ -34,7 +34,7 @@
if(!f) {
fprintf(stderr, "Can't open configuration file! (%s)\n", strerror(errno));
- exit(0);
+ exit(5);
}
conf.exit_stats = 0;
Index: main.c
===================================================================
RCS file: /cvsroot/agd/server/src/main.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -d -r1.14 -r1.15
--- main.c 21 Mar 2004 12:24:59 -0000 1.14
+++ main.c 21 Mar 2004 13:43:50 -0000 1.15
@@ -84,7 +84,7 @@
printf("Usage: %s [options] [configuration file]\n", s);
printf("\tOptions:\n\t\t-d:\n\t\t Increase debug level\n"
"\t\t-?\n\t\t-v:\n\t\t Show version and quit\n");
- exit(0);
+ exit(5);
}
void print_version(void)
@@ -159,6 +159,14 @@
parse_args(argc, argv);
print_version();
+#ifndef ALLOW_ROOT
+ if(getuid() == 0) {
+ printf("Don't run AGD as root - this is a security risk at this point.\n");
+ printf("Create a user for it or run it under your own account.\n");
+ exit(5);
+ }
+#endif
+
if(!conf_file) {
#ifdef DEFAULT_CONFIG_FILE
printf("No config file provided - using default file (\"%s\")\n", DEFAULT_CONFIG_FILE);
Index: compile_options.h
===================================================================
RCS file: /cvsroot/agd/server/src/compile_options.h,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -d -r1.11 -r1.12
--- compile_options.h 20 Mar 2004 20:26:36 -0000 1.11
+++ compile_options.h 21 Mar 2004 13:43:50 -0000 1.12
@@ -41,4 +41,9 @@
* Must be one of T_VOID, T_STRING, T_OBJECT or T_INT. */
#define DEFAULT_FUNCTION_TYPE T_VOID
+/* Define this if you want to allow root to run AGD,
+ * BUT ONLY IF YOU REALLY KNOW WHAT YOU ARE DOING!
+ * AGD is probably not very secure at this point. */
+#undef ALLOW_ROOT
+
#endif
|
