More more more more more more work

2022-07-27 23:32:15 +02:00 · 2022-07-27 23:32:15 +02:00 · 983a4b0b2b
commit 983a4b0b2b
parent ca9ce05bb0
112 changed files with 40 additions and 82 deletions
--- a/patches/unapplied/server/Add-root-admin-user-detection.patch
+++ b/patches/unapplied/server/Add-root-admin-user-detection.patch
@ -1,79 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: egg82 <eggys82@gmail.com>
-Date: Sat, 11 Sep 2021 22:55:14 +0200
-Subject: [PATCH] Add root/admin user detection
-
-This patch detects whether or not the server is currently executing as a privileged user and spits out a warning.
-The warning serves as a sort-of PSA for newer server admins who don't understand the risks of running as root.
-We've seen plenty of bad/malicious plugins hit markets, and there's been a few close-calls with exploits in the past.
-Hopefully this helps mitigate some potential damage to servers, even if it is just a warning.
-
-Co-authored-by: Noah van der Aa <ndvdaa@gmail.com>
-
-diff --git a/src/main/java/io/papermc/paper/util/ServerEnvironment.java b/src/main/java/io/papermc/paper/util/ServerEnvironment.java
-new file mode 100644
-index 0000000000000000000000000000000000000000..0000000000000000000000000000000000000000
--- /dev/null
-+++ b/src/main/java/io/papermc/paper/util/ServerEnvironment.java
-@@ -0,0 +0,0 @@
-+package io.papermc.paper.util;
-+
-+import com.sun.security.auth.module.NTSystem;
-+import com.sun.security.auth.module.UnixSystem;
-+import org.apache.commons.lang.SystemUtils;
-+
-+import java.io.IOException;
-+import java.io.InputStream;
-+import java.util.Set;
-+
-+public class ServerEnvironment {
-+    private static final boolean RUNNING_AS_ROOT_OR_ADMIN;
-+    private static final String WINDOWS_HIGH_INTEGRITY_LEVEL = "S-1-16-12288";
-+
-+    static {
-+        if (SystemUtils.IS_OS_WINDOWS) {
-+            RUNNING_AS_ROOT_OR_ADMIN = Set.of(new NTSystem().getGroupIDs()).contains(WINDOWS_HIGH_INTEGRITY_LEVEL);
-+        } else {
-+            boolean isRunningAsRoot = false;
-+            if (new UnixSystem().getUid() == 0) {
-+                // Due to an OpenJDK bug (https://bugs.openjdk.java.net/browse/JDK-8274721), UnixSystem#getUid incorrectly
-+                // returns 0 when the user doesn't have a username. Because of this, we'll have to double-check if the user ID is
-+                // actually 0 by running the id -u command.
-+                try {
-+                    Process process = new ProcessBuilder("id", "-u").start();
-+                    process.waitFor();
-+                    InputStream inputStream = process.getInputStream();
-+                    isRunningAsRoot = new String(inputStream.readAllBytes()).trim().equals("0");
-+                } catch (InterruptedException | IOException ignored) {
-+                    isRunningAsRoot = false;
-+                }
-+            }
-+            RUNNING_AS_ROOT_OR_ADMIN = isRunningAsRoot;
-+        }
-+    }
-+
-+    public static boolean userIsRootOrAdmin() {
-+        return RUNNING_AS_ROOT_OR_ADMIN;
-+    }
-+}
-diff --git a/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java b/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java
-index 0000000000000000000000000000000000000000..0000000000000000000000000000000000000000 100644
--- a/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java
-+++ b/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java
-@@ -0,0 +0,0 @@ public class DedicatedServer extends MinecraftServer implements ServerInterface
-             DedicatedServer.LOGGER.warn("To start the server with more ram, launch it as \"java -Xmx1024M -Xms1024M -jar minecraft_server.jar\"");
-         }
- 
-+        // Paper start - detect running as root
-+        if (io.papermc.paper.util.ServerEnvironment.userIsRootOrAdmin()) {
-+            DedicatedServer.LOGGER.warn("****************************");
-+            DedicatedServer.LOGGER.warn("YOU ARE RUNNING THIS SERVER AS AN ADMINISTRATIVE OR ROOT USER. THIS IS NOT ADVISED.");
-+            DedicatedServer.LOGGER.warn("YOU ARE OPENING YOURSELF UP TO POTENTIAL RISKS WHEN DOING THIS.");
-+            DedicatedServer.LOGGER.warn("FOR MORE INFORMATION, SEE https://madelinemiller.dev/blog/root-minecraft-server/");
-+            DedicatedServer.LOGGER.warn("****************************");
-+        }
-+        // Paper end
-+
-         DedicatedServer.LOGGER.info("Loading properties");
-         DedicatedServerProperties dedicatedserverproperties = this.settings.getProperties();
-