Add some further protections after discussion with Jeff

Refs trac:4536

This commit was SVN r31422.

The following Trac tickets were found above:
  Ticket 4536 --> https://svn.open-mpi.org/trac/ompi/ticket/4536

orte/tools/orterun/orterun.c

@@ -538,6 +538,10 @@ static opal_cmd_line_init_t cmd_line_init[] = {
       NULL, OPAL_CMD_LINE_TYPE_BOOL,
       "Used staged execution if inadequate resources are present (cannot support MPI jobs)" },
 
+    { NULL, '\0', "allow-run-as-root", "allow-run-as-root", 0,
+      &orterun_globals.run_as_root, OPAL_CMD_LINE_TYPE_BOOL,
+      "Allow execution as root (STRONGLY DISCOURAGED)" },
+
     /* End of list */
     { NULL, '\0', NULL, NULL, 0,
       NULL, OPAL_CMD_LINE_TYPE_NULL, NULL }
@@ -639,6 +643,24 @@ int orterun(int argc, char *argv[])
         return rc;
     }
 
+    /* check if we are running as root - if we are, then only allow
+     * us to proceed if the allow-run-as-root flag was given. Otherwise,
+     * exit with a giant warning flag
+     */
+    if (0 == geteuid() && !orterun_globals.run_as_root) {
+        /* show_help is not yet available, so print an error manually */
+        fprintf(stderr, "\n--------------------------------------------------------------\n");
+        fprintf(stderr, "%s has detected an attempt to run as root. This is *strongly*\n", orte_basename);
+        fprintf(stderr, "discouraged as any mistake (e.g., in defining TMPDIR) or bug can\n");
+        fprintf(stderr, "result in catastrophic damage to the OS file system, leaving\n");
+        fprintf(stderr, "your system in an unusable state.\n\n");
+        fprintf(stderr, "You can override this protection by adding the --allow-run-as-root\n");
+        fprintf(stderr, "option to your cmd line. However, we reiterate our strong advice\n");
+        fprintf(stderr, "against doing so - please do so at your own risk.\n");
+        fprintf(stderr, "\n--------------------------------------------------------------\n");
+        exit(1);
+    }
+
     /*
      * Since this process can now handle MCA/GMCA parameters, make sure to
      * process them.
@@ -1092,6 +1114,7 @@ static int init_globals(void)
         orterun_globals.report_uri        = NULL;
         orterun_globals.disable_recovery = false;
         orterun_globals.index_argv = false;
+        orterun_globals.run_as_root = false;
     }
 
     /* Reset the other fields every time */

orte/tools/orterun/orterun.h

@@ -12,6 +12,7 @@
  * Copyright (c) 2007-2011 Cisco Systems, Inc.  All rights reserved.
  * Copyright (c) 2012-2013 Los Alamos National Security, LLC.
  *                         All rights reserved
+ * Copyright (c) 2014      Intel, Inc. All rights reserved.
  * $COPYRIGHT$
  * 
  * Additional copyrights may follow
@@ -62,6 +63,7 @@ struct orterun_globals_t {
     bool disable_recovery;
     bool preload_binaries;
     bool index_argv;
+    bool run_as_root;
 };
 
 /**

orte/util/session_dir.c

@@ -483,6 +483,18 @@ orte_session_dir_cleanup(orte_jobid_t jobid)
         return ORTE_SUCCESS;
     }
     
+    if (NULL == orte_process_info.tmpdir_base &&
+        NULL == orte_process_info.top_session_dir) {
+        /* this should never happen - it means we are calling
+         * cleanup *before* properly setting up the session
+         * dir system. This leaves open the possibility of
+         * accidentally removing directories we shouldn't
+         * touch
+         */
+        rc = ORTE_ERR_NOT_INITIALIZED;
+        goto CLEANUP;
+    }
+
     /* need to setup the top_session_dir with the prefix */
     tmp = opal_os_path(false,
                        orte_process_info.tmpdir_base,
@@ -561,6 +573,18 @@ orte_session_dir_finalize(orte_process_name_t *proc)
         return ORTE_SUCCESS;
     }
     
+    if (NULL == orte_process_info.tmpdir_base &&
+        NULL == orte_process_info.top_session_dir) {
+        /* this should never happen - it means we are calling
+         * cleanup *before* properly setting up the session
+         * dir system. This leaves open the possibility of
+         * accidentally removing directories we shouldn't
+         * touch
+         */
+        ORTE_ERROR_LOG(ORTE_ERR_NOT_INITIALIZED);
+        return ORTE_ERR_NOT_INITIALIZED;
+    }
+
     /* need to setup the top_session_dir with the prefix */
     tmp = opal_os_path(false,
                        orte_process_info.tmpdir_base,