diff options
| author | Janito Vaqueiro Ferreira Filho <janito@mullvad.net> | 2018-03-03 12:37:55 -0300 |
|---|---|---|
| committer | Janito Vaqueiro Ferreira Filho <janito@mullvad.net> | 2018-03-06 13:58:02 -0300 |
| commit | 8d673a4d6768c30b561ae5a6530e9ef59d288537 (patch) | |
| tree | e32802cad7aa7f6b55dad8af861d76f7c81eaef1 | |
| parent | 3e0d994cd56c6862869d0771c01c6f24b89bd880 (diff) | |
| download | mullvadvpn-8d673a4d6768c30b561ae5a6530e9ef59d288537.tar.xz mullvadvpn-8d673a4d6768c30b561ae5a6530e9ef59d288537.zip | |
Warn if user is running daemon as a non-root user
| -rw-r--r-- | CHANGELOG.md | 1 | ||||
| -rw-r--r-- | Cargo.lock | 1 | ||||
| -rw-r--r-- | mullvad-daemon/Cargo.toml | 1 | ||||
| -rw-r--r-- | mullvad-daemon/src/main.rs | 1 | ||||
| -rw-r--r-- | mullvad-daemon/src/rpc_info.rs | 17 |
5 files changed, 21 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index c9f627d558..9aa5532dd1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). - Add `--disable-rpc-auth` flag to daemon to make it accept unauthorized control. - Add colors to terminal output on macOS and Linux. - Add details to mullvad CLI interface error for when it doesn't trust the RPC file. +- Warn if daemon is running as a non-root user. ### Fixed - Fix a bug in account input field that advanced the cursor to the end regardless its prior diff --git a/Cargo.lock b/Cargo.lock index b3dd34d69e..95023a14de 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -673,6 +673,7 @@ dependencies = [ "jsonrpc-pubsub 7.1.1 (git+https://github.com/paritytech/jsonrpc?tag=v7.1.1)", "jsonrpc-ws-server 7.1.1 (git+https://github.com/paritytech/jsonrpc?tag=v7.1.1)", "lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", + "libc 0.2.35 (registry+https://github.com/rust-lang/crates.io-index)", "log 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)", "mullvad-rpc 0.1.0", "mullvad-types 0.1.0", diff --git a/mullvad-daemon/Cargo.toml b/mullvad-daemon/Cargo.toml index 6bba73bbd3..0c4c1a109f 100644 --- a/mullvad-daemon/Cargo.toml +++ b/mullvad-daemon/Cargo.toml @@ -15,6 +15,7 @@ fern = { version = "0.5", features = ["colored"] } futures = "0.1" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" +libc = "0.2" log = "0.4" jsonrpc-core = { git = "https://github.com/paritytech/jsonrpc", tag = "v7.1.1" } jsonrpc-macros = { git = "https://github.com/paritytech/jsonrpc", tag = "v7.1.1" } diff --git a/mullvad-daemon/src/main.rs b/mullvad-daemon/src/main.rs index d6cc7755fc..631fe2cdd1 100644 --- a/mullvad-daemon/src/main.rs +++ b/mullvad-daemon/src/main.rs @@ -14,6 +14,7 @@ extern crate clap; #[macro_use] extern crate error_chain; extern crate futures; +extern crate libc; #[macro_use] extern crate log; diff --git a/mullvad-daemon/src/rpc_info.rs b/mullvad-daemon/src/rpc_info.rs index b5b35fa8f7..33a27828eb 100644 --- a/mullvad-daemon/src/rpc_info.rs +++ b/mullvad-daemon/src/rpc_info.rs @@ -2,6 +2,8 @@ use std::fs::{self, File, OpenOptions}; use std::io::{self, Write}; use std::path::{Path, PathBuf}; +use libc; + error_chain! { errors { WriteFailed(path: PathBuf) { @@ -47,6 +49,9 @@ pub fn remove() -> Result<()> { } fn open_file(path: &Path) -> io::Result<File> { + if !user_is_root() { + warn!("Running daemon as a non-root user, clients might refuse to connect"); + } let file = OpenOptions::new() .write(true) .truncate(true) @@ -57,6 +62,18 @@ fn open_file(path: &Path) -> io::Result<File> { } #[cfg(unix)] +fn user_is_root() -> bool { + let uid = unsafe { libc::getuid() }; + uid == 0 +} + +#[cfg(windows)] +fn user_is_root() -> bool { + // TODO: Check if user is administrator correctly on Windows. + true +} + +#[cfg(unix)] fn set_rpc_file_permissions(file: &File) -> io::Result<()> { use std::os::unix::fs::PermissionsExt; file.set_permissions(PermissionsExt::from_mode(0o644)) |