77a5779e24
Upstream has released updates that appear to apply and compile correctly. This update has not been tested by PaperMC and as with ANY update, please do your own testing Bukkit Changes: 2ec53f49 PR-1050: Fix empty result check for Complex Recipes 10671012 PR-1044: Add CrafterCraftEvent 4d87ffe0 Use correct method in JavaDoc ae5e5817 SPIGOT-7850: Add API for Bogged shear state 46b6d445 SPIGOT-7837: Support data pack banner patterns d5d0cefc Fix JavaDoc error b3c2b83d PR-1036: Add API for InventoryView derivatives 1fe2c75a SPIGOT-7809: Add ShieldMeta CraftBukkit Changes: 8ee6fd1b8 SPIGOT-7857: Improve ItemMeta block data deserialization 8f26c30c6 SPIGOT-7857: Fix spurious internal NBT tag when deserializing BlockStateMeta 759061b93 SPIGOT-7855: Fire does not spread or burn blocks 00fc9fb64 SPIGOT-7853: AnvilInventory#getRepairCost() always returns 0 7501e2e04 PR-1450: Add CrafterCraftEvent 8c51673e7 SPIGOT-5731: PortalCreateEvent#getEntity returns null for nether portals ignited by flint and steel d53d0d0b1 PR-1456: Fix inverted logic in CraftCrafterView#setSlotDisabled 682a678c8 SPIGOT-7850: Add API for Bogged shear state fccf5243a SPIGOT-7837: Support data pack banner patterns 9c3bd4390 PR-1431: Add API for InventoryView derivatives 0cc6acbc4 SPIGOT-7849: Fix FoodComponent serialize with "using-converts-to" using null 2c5474952 Don't rely on tags for CraftItemMetas 20d107e46 SPIGOT-7846: Fix ItemMeta for hanging signs 76f59e315 Remove redundant clone in Dropper InventoryMoveItemEvent e61a53d25 SPIGOT-7817: Call InventoryMoveItemEvent for Crafters 894682e2d SPIGOT-7839: Remove redundant Java version checks 2c12b2187 SPIGOT-7809: Add ShieldMeta and fix setting shield base colours Spigot Changes: fb8fb722 Rebuild patches 34bd42b7 SPIGOT-7835: Fix issue with custom hopper settings
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: egg82 <eggys82@gmail.com>
Date: Sat, 11 Sep 2021 22:55:14 +0200
Subject: [PATCH] Add root/admin user detection
This patch detects whether or not the server is currently executing as a privileged user and spits out a warning.
The warning serves as a sort-of PSA for newer server admins who don't understand the risks of running as root.
We've seen plenty of bad/malicious plugins hit markets, and there's been a few close-calls with exploits in the past.
Hopefully this helps mitigate some potential damage to servers, even if it is just a warning.
Co-authored-by: Noah van der Aa <ndvdaa@gmail.com>
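diff --git a/src/main/java/io/papermc/paper/util/ServerEnvironment.java b/src/main/java/io/papermc/paper/util/ServerEnvironment.java
new file mode 100644
index 0000000000000000000000000000000000000000..68098dfe716e93aafcca4d8d5b5a81d8648b3654
--- /dev/null
+++ b/src/main/java/io/papermc/paper/util/ServerEnvironment.java
@@ -0,0 +1,23 @@
+package io.papermc.paper.util;
+
+import com.sun.security.auth.module.NTSystem;
+import com.sun.security.auth.module.UnixSystem;
+import java.util.Set;
+import org.apache.commons.lang.SystemUtils;
+
+public class ServerEnvironment {
+ private static final boolean RUNNING_AS_ROOT_OR_ADMIN;
+ private static final String WINDOWS_HIGH_INTEGRITY_LEVEL = "S-1-16-12288";
+
+ static {
+ if (SystemUtils.IS_OS_WINDOWS) {
+ RUNNING_AS_ROOT_OR_ADMIN = Set.of(new NTSystem().getGroupIDs()).contains(WINDOWS_HIGH_INTEGRITY_LEVEL);
+ } else {
+ RUNNING_AS_ROOT_OR_ADMIN = new UnixSystem().getUid() == 0;
+ }
+ }
+
+ public static boolean userIsRootOrAdmin() {
+ return RUNNING_AS_ROOT_OR_ADMIN;
+ }
+}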
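Review bot: The static initializer can fail class initialization, and with it server start-up, even though the check is only advisory. `Set.of(...)` throws `IllegalArgumentException` when the array from `getGroupIDs()` contains a duplicate entry and `NullPointerException` when it is null, and constructing `NTSystem` or `UnixSystem` depends on a JDK-internal native library that may not be present on every runtime. The detection should compute into a local, treat any failure as "not privileged", and assign the final field once. Note also that `getUid() == 0` appears to test only the process UID, so a process granted elevated capabilities some other way would not trigger the warning; a short class comment saying the result is a best-effort heuristic would help.

```java
static {
    boolean privileged = false;
    try {
        if (SystemUtils.IS_OS_WINDOWS) {
            String[] groupIds = new NTSystem().getGroupIDs();
            privileged = groupIds != null
                && java.util.Arrays.asList(groupIds).contains(WINDOWS_HIGH_INTEGRITY_LEVEL);
        } else {
            privileged = new UnixSystem().getUid() == 0;
        }
    } catch (Throwable ignored) {
        // Detection is advisory only; a failure here must never stop the server from starting.
    }
    RUNNING_AS_ROOT_OR_ADMIN = privileged;
}
```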
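diff --git a/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java b/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java
index adbd61c41cc30afa89c6ee3544c562b351304a01..585d3e51b4af87327fc2bc64a49f09732a8c61ab 100644
--- a/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java
+++ b/src/main/java/net/minecraft/server/dedicated/DedicatedServer.java
@@ -196,6 +196,16 @@ public class DedicatedServer extends MinecraftServer implements ServerInterface
 DedicatedServer.LOGGER.warn("To start the server with more ram, launch it as \"java -Xmx1024M -Xms1024M -jar minecraft_server.jar\"");
 }
 
+ // Paper start - detect running as root
+ if (io.papermc.paper.util.ServerEnvironment.userIsRootOrAdmin()) {
+ DedicatedServer.LOGGER.warn("****************************");
+ DedicatedServer.LOGGER.warn("YOU ARE RUNNING THIS SERVER AS AN ADMINISTRATIVE OR ROOT USER. THIS IS NOT ADVISED.");
+ DedicatedServer.LOGGER.warn("YOU ARE OPENING YOURSELF UP TO POTENTIAL RISKS WHEN DOING THIS.");
+ DedicatedServer.LOGGER.warn("FOR MORE INFORMATION, SEE https://madelinemiller.dev/blog/root-minecraft-server/");
+ DedicatedServer.LOGGER.warn("****************************");
+ }
+ // Paper end - detect running as root
+
 DedicatedServer.LOGGER.info("Loading properties");
 DedicatedServerProperties dedicatedserverproperties = this.settings.getProperties();
 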
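Review bot: The second warning line, `YOU ARE OPENING YOURSELF UP TO POTENTIAL RISKS WHEN DOING THIS.`, never says what the risk is, so an admin who cannot open the external link learns nothing actionable from the log. The commit message already names the concern (malicious plugins and exploits), so the log could state it and the remedy directly, for example `DedicatedServer.LOGGER.warn("ANY PLUGIN OR EXPLOIT RUNNING IN THIS PROCESS GETS FULL CONTROL OF THE HOST. RUN THE SERVER AS A DEDICATED UNPRIVILEGED USER.");`. Keeping the link as a further reference is fine, but the message should stand on its own in case the third-party page moves. The enclosing method begins and ends outside this hunk.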