ports/openmpi
ports/openmpi
1
1
Форкнуть 0
Код Релизы Активность

Extend the root-user protection to some more ORTE tools

Просмотр исходного кода
Этот коммит содержится в:
Ralph Castain 2015-03-31 10:30:49 -07:00
родитель f863147b05
Коммит f04eb6a9c0
2 изменённых файлов: 106 добавлений и 66 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

75
orte/tools/orte-dvm/orte-dvm.c
Просмотреть файл

@ -72,6 +72,7 @@
#include "opal/version.h"
#include "opal/runtime/opal.h"
#include "opal/runtime/opal_info_support.h"
#include "opal/util/os_path.h"
#include "opal/util/path.h"
#include "opal/class/opal_pointer_array.h"
@ -101,6 +102,7 @@ static struct {
char *report_uri;
char *basename;
char *prefix;
bool run_as_root;
} myglobals;
static opal_cmd_line_init_t cmd_line_init[] = {
@ -128,6 +130,10 @@ static opal_cmd_line_init_t cmd_line_init[] = {
NULL, OPAL_CMD_LINE_TYPE_BOOL,
"Enable debugging of OpenRTE" },
{ NULL, '\0', "allow-run-as-root", "allow-run-as-root", 0,
&myglobals.run_as_root, OPAL_CMD_LINE_TYPE_BOOL,
"Allow execution as root (STRONGLY DISCOURAGED)" },
/* End of list */
{ NULL, '\0', NULL, NULL, 0,
NULL, OPAL_CMD_LINE_TYPE_NULL, NULL }
@ -161,6 +167,53 @@ int main(int argc, char *argv[])
return rc;
}
/* print version if requested. Do this before check for help so
that --version --help works as one might expect. */
if (myglobals.version) {
char *str;
str = opal_info_make_version_str("all",
OPAL_MAJOR_VERSION, OPAL_MINOR_VERSION,
OPAL_RELEASE_VERSION,
OPAL_GREEK_VERSION,
OPAL_REPO_REV);
if (NULL != str) {
fprintf(stdout, "%s %s\n\nReport bugs to %s\n",
myglobals.basename, str, PACKAGE_BUGREPORT);
free(str);
}
exit(0);
}
/* DO NOT LET ROOT CALL ORTE_INIT/FINALIZE AS IT CAN BLAST SYSTEM FILES
* TO BE FULLY SAFE, WE DON'T ALLOW ANYTHING MORE THAN THE VERSION OUTPUT */
/* check if we are running as root - if we are, then only allow
* us to proceed if the allow-run-as-root flag was given. Otherwise,
* exit with a giant warning flag
*/
if (0 == geteuid() && !myglobals.run_as_root) {
if (myglobals.help) {
fprintf(stderr, "%s cannot provide the help message when run as root\n"
"Please run as regular user, or add the --run-as-root flag\n"
"NOTE: running as root is not recommended as it can lead\n"
"to unintended deletion of system files if the prefix used\n"
"to build %s points to a system location\n",
myglobals.basename, myglobals.basename);
} else {
/* show_help is not yet available, so print an error manually */
fprintf(stderr, "--------------------------------------------------------------------------\n");
fprintf(stderr, "%s has detected an attempt to run as root. This is *strongly*\n", myglobals.basename);
fprintf(stderr, "discouraged as any mistake (e.g., in defining TMPDIR) or bug can\n");
fprintf(stderr, "result in catastrophic damage to the OS file system, leaving\n");
fprintf(stderr, "your system in an unusable state.\n\n");
fprintf(stderr, "You can override this protection by adding the --allow-run-as-root\n");
fprintf(stderr, "option to your cmd line. However, we reiterate our strong advice\n");
fprintf(stderr, "against doing so - please do so at your own risk.\n");
fprintf(stderr, "--------------------------------------------------------------------------\n");
}
exit(1);
}
/*
* Since this process can now handle MCA/GMCA parameters, make sure to
* process them.
@ -177,28 +230,6 @@ int main(int argc, char *argv[])
exit(1);
}
/* Check for some "global" command line params */
/* print version if requested. Do this before check for help so
that --version --help works as one might expect. */
if (myglobals.version) {
char *str;
char *project_name = NULL;
if (0 == strcmp(myglobals.basename, "ompi-dvm")) {
project_name = "Open MPI";
} else {
project_name = "OpenRTE";
}
str = opal_show_help_string("help-orterun.txt", "orterun:version",
false,
myglobals.basename, project_name, OPAL_VERSION,
PACKAGE_BUGREPORT);
if (NULL != str) {
printf("%s", str);
free(str);
}
exit(0);
}
/* Check for help request */
if (myglobals.help) {
char *str, *args = NULL;

97
orte/tools/orte-submit/orte-submit.c
Просмотреть файл

@ -80,6 +80,7 @@
#include "opal/version.h"
#include "opal/runtime/opal.h"
#include "opal/runtime/opal_info_support.h"
#include "opal/util/os_path.h"
#include "opal/util/path.h"
#include "opal/class/opal_pointer_array.h"
@ -147,6 +148,7 @@ static struct {
bool report_bindings;
char *slot_list;
bool debug;
bool run_as_root;
} myglobals;
static opal_cmd_line_init_t cmd_line_init[] = {
@ -316,6 +318,10 @@ static opal_cmd_line_init_t cmd_line_init[] = {
&myglobals.debug, OPAL_CMD_LINE_TYPE_BOOL,
"Enable debugging of OpenRTE" },
{ NULL, '\0', "allow-run-as-root", "allow-run-as-root", 0,
&myglobals.run_as_root, OPAL_CMD_LINE_TYPE_BOOL,
"Allow execution as root (STRONGLY DISCOURAGED)" },
/* End of list */
{ NULL, '\0', NULL, NULL, 0,
NULL, OPAL_CMD_LINE_TYPE_NULL, NULL }
@ -370,6 +376,53 @@ int main(int argc, char *argv[])
return rc;
}
/* print version if requested. Do this before check for help so
that --version --help works as one might expect. */
if (myglobals.version) {
char *str;
str = opal_info_make_version_str("all",
OPAL_MAJOR_VERSION, OPAL_MINOR_VERSION,
OPAL_RELEASE_VERSION,
OPAL_GREEK_VERSION,
OPAL_REPO_REV);
if (NULL != str) {
fprintf(stdout, "%s %s\n\nReport bugs to %s\n",
myglobals.basename, str, PACKAGE_BUGREPORT);
free(str);
}
exit(0);
}
/* DO NOT LET ROOT CALL ORTE_INIT/FINALIZE AS IT CAN BLAST SYSTEM FILES
* TO BE FULLY SAFE, WE DON'T ALLOW ANYTHING MORE THAN THE VERSION OUTPUT */
/* check if we are running as root - if we are, then only allow
* us to proceed if the allow-run-as-root flag was given. Otherwise,
* exit with a giant warning flag
*/
if (0 == geteuid() && !myglobals.run_as_root) {
if (myglobals.help) {
fprintf(stderr, "%s cannot provide the help message when run as root\n"
"Please run as regular user, or add the --run-as-root flag\n"
"NOTE: running as root is not recommended as it can lead\n"
"to unintended deletion of system files if the prefix used\n"
"to build %s points to a system location\n",
myglobals.basename, myglobals.basename);
} else {
/* show_help is not yet available, so print an error manually */
fprintf(stderr, "--------------------------------------------------------------------------\n");
fprintf(stderr, "%s has detected an attempt to run as root. This is *strongly*\n", myglobals.basename);
fprintf(stderr, "discouraged as any mistake (e.g., in defining TMPDIR) or bug can\n");
fprintf(stderr, "result in catastrophic damage to the OS file system, leaving\n");
fprintf(stderr, "your system in an unusable state.\n\n");
fprintf(stderr, "You can override this protection by adding the --allow-run-as-root\n");
fprintf(stderr, "option to your cmd line. However, we reiterate our strong advice\n");
fprintf(stderr, "against doing so - please do so at your own risk.\n");
fprintf(stderr, "--------------------------------------------------------------------------\n");
}
exit(1);
}
/*
* Since this process can now handle MCA/GMCA parameters, make sure to
* process them.
@ -698,50 +751,6 @@ static int init_globals(void)
static int parse_globals(int argc, char* argv[], opal_cmd_line_t *cmd_line)
{
/* print version if requested. Do this before check for help so
that --version --help works as one might expect. */
if (myglobals.version) {
char *str, *project_name = NULL;
if (0 == strcmp(myglobals.basename, "ompi-submit")) {
project_name = "Open MPI";
} else {
project_name = "OpenRTE";
}
str = opal_show_help_string("help-orterun.txt", "orterun:version",
false,
myglobals.basename, project_name, OPAL_VERSION,
PACKAGE_BUGREPORT);
if (NULL != str) {
printf("%s", str);
free(str);
}
exit(0);
}
/* Check for help request */
if (myglobals.help) {
char *str, *args = NULL;
char *project_name = NULL;
if (0 == strcmp(myglobals.basename, "ompi-submit")) {
project_name = "Open MPI";
} else {
project_name = "OpenRTE";
}
args = opal_cmd_line_get_usage_msg(cmd_line);
str = opal_show_help_string("help-orterun.txt", "orterun:usage", false,
myglobals.basename, project_name, OPAL_VERSION,
myglobals.basename, args,
PACKAGE_BUGREPORT);
if (NULL != str) {
printf("%s", str);
free(str);
}
free(args);
/* If someone asks for help, that should be all we do */
exit(0);
}
/* check for request to report pid */
if (NULL != myglobals.report_pid) {
FILE *fp;