summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJanito Vaqueiro Ferreira Filho <janito@mullvad.net>2018-03-03 12:37:55 -0300
committerJanito Vaqueiro Ferreira Filho <janito@mullvad.net>2018-03-06 13:58:02 -0300
commit8d673a4d6768c30b561ae5a6530e9ef59d288537 (patch)
treee32802cad7aa7f6b55dad8af861d76f7c81eaef1
parent3e0d994cd56c6862869d0771c01c6f24b89bd880 (diff)
downloadmullvadvpn-8d673a4d6768c30b561ae5a6530e9ef59d288537.tar.xz
mullvadvpn-8d673a4d6768c30b561ae5a6530e9ef59d288537.zip
Warn if user is running daemon as a non-root user
-rw-r--r--CHANGELOG.md1
-rw-r--r--Cargo.lock1
-rw-r--r--mullvad-daemon/Cargo.toml1
-rw-r--r--mullvad-daemon/src/main.rs1
-rw-r--r--mullvad-daemon/src/rpc_info.rs17
5 files changed, 21 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c9f627d558..9aa5532dd1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
- Add `--disable-rpc-auth` flag to daemon to make it accept unauthorized control.
- Add colors to terminal output on macOS and Linux.
- Add details to mullvad CLI interface error for when it doesn't trust the RPC file.
+- Warn if daemon is running as a non-root user.
### Fixed
- Fix a bug in account input field that advanced the cursor to the end regardless its prior
diff --git a/Cargo.lock b/Cargo.lock
index b3dd34d69e..95023a14de 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -673,6 +673,7 @@ dependencies = [
"jsonrpc-pubsub 7.1.1 (git+https://github.com/paritytech/jsonrpc?tag=v7.1.1)",
"jsonrpc-ws-server 7.1.1 (git+https://github.com/paritytech/jsonrpc?tag=v7.1.1)",
"lazy_static 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
+ "libc 0.2.35 (registry+https://github.com/rust-lang/crates.io-index)",
"log 0.4.1 (registry+https://github.com/rust-lang/crates.io-index)",
"mullvad-rpc 0.1.0",
"mullvad-types 0.1.0",
diff --git a/mullvad-daemon/Cargo.toml b/mullvad-daemon/Cargo.toml
index 6bba73bbd3..0c4c1a109f 100644
--- a/mullvad-daemon/Cargo.toml
+++ b/mullvad-daemon/Cargo.toml
@@ -15,6 +15,7 @@ fern = { version = "0.5", features = ["colored"] }
futures = "0.1"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
+libc = "0.2"
log = "0.4"
jsonrpc-core = { git = "https://github.com/paritytech/jsonrpc", tag = "v7.1.1" }
jsonrpc-macros = { git = "https://github.com/paritytech/jsonrpc", tag = "v7.1.1" }
diff --git a/mullvad-daemon/src/main.rs b/mullvad-daemon/src/main.rs
index d6cc7755fc..631fe2cdd1 100644
--- a/mullvad-daemon/src/main.rs
+++ b/mullvad-daemon/src/main.rs
@@ -14,6 +14,7 @@ extern crate clap;
#[macro_use]
extern crate error_chain;
extern crate futures;
+extern crate libc;
#[macro_use]
extern crate log;
diff --git a/mullvad-daemon/src/rpc_info.rs b/mullvad-daemon/src/rpc_info.rs
index b5b35fa8f7..33a27828eb 100644
--- a/mullvad-daemon/src/rpc_info.rs
+++ b/mullvad-daemon/src/rpc_info.rs
@@ -2,6 +2,8 @@ use std::fs::{self, File, OpenOptions};
use std::io::{self, Write};
use std::path::{Path, PathBuf};
+use libc;
+
error_chain! {
errors {
WriteFailed(path: PathBuf) {
@@ -47,6 +49,9 @@ pub fn remove() -> Result<()> {
}
fn open_file(path: &Path) -> io::Result<File> {
+ if !user_is_root() {
+ warn!("Running daemon as a non-root user, clients might refuse to connect");
+ }
let file = OpenOptions::new()
.write(true)
.truncate(true)
@@ -57,6 +62,18 @@ fn open_file(path: &Path) -> io::Result<File> {
}
#[cfg(unix)]
+fn user_is_root() -> bool {
+ let uid = unsafe { libc::getuid() };
+ uid == 0
+}
+
+#[cfg(windows)]
+fn user_is_root() -> bool {
+ // TODO: Check if user is administrator correctly on Windows.
+ true
+}
+
+#[cfg(unix)]
fn set_rpc_file_permissions(file: &File) -> io::Result<()> {
use std::os::unix::fs::PermissionsExt;
file.set_permissions(PermissionsExt::from_mode(0o644))