From f28e005e1e7b8245c6df16cfe6905338f895988f Mon Sep 17 00:00:00 2001 From: Yamagi Burmeister Date: Sat, 2 Jun 2012 16:33:12 +0200 Subject: [PATCH] Back out if Quake II is run as root or if eUID != rUID This is a sanity check to prevent stupid users from running Quake II as root or as a setuid binary. Quake II is such a mess that running it as root or setuid is just reckless. --- src/unix/main.c | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/src/unix/main.c b/src/unix/main.c index 24fabd21..db8b7bb0 100644 --- a/src/unix/main.c +++ b/src/unix/main.c @@ -45,9 +45,28 @@ main ( int argc, char **argv ) /* register signal handler */ registerHandler(); - /* go back to real user for config loads */ - saved_euid = geteuid(); - seteuid( getuid() ); + /* Prevent running Quake II as root. Only very mad + minded or stupid people even think about it. :) */ + if (getuid() == 0) + { + printf("Quake II shouldn't be run as root! Backing out to save your ass. If\n"); + printf("you really know what you're doing, edit src/unix/main.c and remove\n"); + printf("this check. But don't complain if Quake II eats your dog afterwards!\n"); + + return 1; + } + + /* Enforce the real UID to + prevent setuid crap */ + if (getuid() != geteuid()) + { + printf("The effective UID is not the real UID! Your binary is probably marked\n"); + printf("'setuid'. That is not good idea, please fix it :) If you really know\n"); + printf("what you're doin edit src/unix/main.c and remove this check. Don't\n"); + printf("complain if Quake II eats your dog afterwards!\n"); + + return 1; + } /* enforce C locale */ setenv("LC_ALL", "C", 1);