diff --git a/orte/tools/orte-dvm/orte-dvm.c b/orte/tools/orte-dvm/orte-dvm.c index 5953d7c28b..68646c7bfb 100644 --- a/orte/tools/orte-dvm/orte-dvm.c +++ b/orte/tools/orte-dvm/orte-dvm.c @@ -72,6 +72,7 @@ #include "opal/version.h" #include "opal/runtime/opal.h" +#include "opal/runtime/opal_info_support.h" #include "opal/util/os_path.h" #include "opal/util/path.h" #include "opal/class/opal_pointer_array.h" @@ -101,6 +102,7 @@ static struct { char *report_uri; char *basename; char *prefix; + bool run_as_root; } myglobals; static opal_cmd_line_init_t cmd_line_init[] = { @@ -128,6 +130,10 @@ static opal_cmd_line_init_t cmd_line_init[] = { NULL, OPAL_CMD_LINE_TYPE_BOOL, "Enable debugging of OpenRTE" }, + { NULL, '\0', "allow-run-as-root", "allow-run-as-root", 0, + &myglobals.run_as_root, OPAL_CMD_LINE_TYPE_BOOL, + "Allow execution as root (STRONGLY DISCOURAGED)" }, + /* End of list */ { NULL, '\0', NULL, NULL, 0, NULL, OPAL_CMD_LINE_TYPE_NULL, NULL } @@ -161,6 +167,53 @@ int main(int argc, char *argv[]) return rc; } + /* print version if requested. Do this before check for help so + that --version --help works as one might expect. */ + if (myglobals.version) { + char *str; + str = opal_info_make_version_str("all", + OPAL_MAJOR_VERSION, OPAL_MINOR_VERSION, + OPAL_RELEASE_VERSION, + OPAL_GREEK_VERSION, + OPAL_REPO_REV); + if (NULL != str) { + fprintf(stdout, "%s %s\n\nReport bugs to %s\n", + myglobals.basename, str, PACKAGE_BUGREPORT); + free(str); + } + exit(0); + } + + /* DO NOT LET ROOT CALL ORTE_INIT/FINALIZE AS IT CAN BLAST SYSTEM FILES + * TO BE FULLY SAFE, WE DON'T ALLOW ANYTHING MORE THAN THE VERSION OUTPUT */ + + /* check if we are running as root - if we are, then only allow + * us to proceed if the allow-run-as-root flag was given. Otherwise, + * exit with a giant warning flag + */ + if (0 == geteuid() && !myglobals.run_as_root) { + if (myglobals.help) { + fprintf(stderr, "%s cannot provide the help message when run as root\n" + "Please run as regular user, or add the --run-as-root flag\n" + "NOTE: running as root is not recommended as it can lead\n" + "to unintended deletion of system files if the prefix used\n" + "to build %s points to a system location\n", + myglobals.basename, myglobals.basename); + } else { + /* show_help is not yet available, so print an error manually */ + fprintf(stderr, "--------------------------------------------------------------------------\n"); + fprintf(stderr, "%s has detected an attempt to run as root. This is *strongly*\n", myglobals.basename); + fprintf(stderr, "discouraged as any mistake (e.g., in defining TMPDIR) or bug can\n"); + fprintf(stderr, "result in catastrophic damage to the OS file system, leaving\n"); + fprintf(stderr, "your system in an unusable state.\n\n"); + fprintf(stderr, "You can override this protection by adding the --allow-run-as-root\n"); + fprintf(stderr, "option to your cmd line. However, we reiterate our strong advice\n"); + fprintf(stderr, "against doing so - please do so at your own risk.\n"); + fprintf(stderr, "--------------------------------------------------------------------------\n"); + } + exit(1); + } + /* * Since this process can now handle MCA/GMCA parameters, make sure to * process them. @@ -177,28 +230,6 @@ int main(int argc, char *argv[]) exit(1); } - /* Check for some "global" command line params */ - /* print version if requested. Do this before check for help so - that --version --help works as one might expect. */ - if (myglobals.version) { - char *str; - char *project_name = NULL; - if (0 == strcmp(myglobals.basename, "ompi-dvm")) { - project_name = "Open MPI"; - } else { - project_name = "OpenRTE"; - } - str = opal_show_help_string("help-orterun.txt", "orterun:version", - false, - myglobals.basename, project_name, OPAL_VERSION, - PACKAGE_BUGREPORT); - if (NULL != str) { - printf("%s", str); - free(str); - } - exit(0); - } - /* Check for help request */ if (myglobals.help) { char *str, *args = NULL; diff --git a/orte/tools/orte-submit/orte-submit.c b/orte/tools/orte-submit/orte-submit.c index 5086dd5280..6ef2413557 100644 --- a/orte/tools/orte-submit/orte-submit.c +++ b/orte/tools/orte-submit/orte-submit.c @@ -80,6 +80,7 @@ #include "opal/version.h" #include "opal/runtime/opal.h" +#include "opal/runtime/opal_info_support.h" #include "opal/util/os_path.h" #include "opal/util/path.h" #include "opal/class/opal_pointer_array.h" @@ -147,6 +148,7 @@ static struct { bool report_bindings; char *slot_list; bool debug; + bool run_as_root; } myglobals; static opal_cmd_line_init_t cmd_line_init[] = { @@ -316,6 +318,10 @@ static opal_cmd_line_init_t cmd_line_init[] = { &myglobals.debug, OPAL_CMD_LINE_TYPE_BOOL, "Enable debugging of OpenRTE" }, + { NULL, '\0', "allow-run-as-root", "allow-run-as-root", 0, + &myglobals.run_as_root, OPAL_CMD_LINE_TYPE_BOOL, + "Allow execution as root (STRONGLY DISCOURAGED)" }, + /* End of list */ { NULL, '\0', NULL, NULL, 0, NULL, OPAL_CMD_LINE_TYPE_NULL, NULL } @@ -370,6 +376,53 @@ int main(int argc, char *argv[]) return rc; } + /* print version if requested. Do this before check for help so + that --version --help works as one might expect. */ + if (myglobals.version) { + char *str; + str = opal_info_make_version_str("all", + OPAL_MAJOR_VERSION, OPAL_MINOR_VERSION, + OPAL_RELEASE_VERSION, + OPAL_GREEK_VERSION, + OPAL_REPO_REV); + if (NULL != str) { + fprintf(stdout, "%s %s\n\nReport bugs to %s\n", + myglobals.basename, str, PACKAGE_BUGREPORT); + free(str); + } + exit(0); + } + + /* DO NOT LET ROOT CALL ORTE_INIT/FINALIZE AS IT CAN BLAST SYSTEM FILES + * TO BE FULLY SAFE, WE DON'T ALLOW ANYTHING MORE THAN THE VERSION OUTPUT */ + + /* check if we are running as root - if we are, then only allow + * us to proceed if the allow-run-as-root flag was given. Otherwise, + * exit with a giant warning flag + */ + if (0 == geteuid() && !myglobals.run_as_root) { + if (myglobals.help) { + fprintf(stderr, "%s cannot provide the help message when run as root\n" + "Please run as regular user, or add the --run-as-root flag\n" + "NOTE: running as root is not recommended as it can lead\n" + "to unintended deletion of system files if the prefix used\n" + "to build %s points to a system location\n", + myglobals.basename, myglobals.basename); + } else { + /* show_help is not yet available, so print an error manually */ + fprintf(stderr, "--------------------------------------------------------------------------\n"); + fprintf(stderr, "%s has detected an attempt to run as root. This is *strongly*\n", myglobals.basename); + fprintf(stderr, "discouraged as any mistake (e.g., in defining TMPDIR) or bug can\n"); + fprintf(stderr, "result in catastrophic damage to the OS file system, leaving\n"); + fprintf(stderr, "your system in an unusable state.\n\n"); + fprintf(stderr, "You can override this protection by adding the --allow-run-as-root\n"); + fprintf(stderr, "option to your cmd line. However, we reiterate our strong advice\n"); + fprintf(stderr, "against doing so - please do so at your own risk.\n"); + fprintf(stderr, "--------------------------------------------------------------------------\n"); + } + exit(1); + } + /* * Since this process can now handle MCA/GMCA parameters, make sure to * process them. @@ -698,50 +751,6 @@ static int init_globals(void) static int parse_globals(int argc, char* argv[], opal_cmd_line_t *cmd_line) { - /* print version if requested. Do this before check for help so - that --version --help works as one might expect. */ - if (myglobals.version) { - char *str, *project_name = NULL; - if (0 == strcmp(myglobals.basename, "ompi-submit")) { - project_name = "Open MPI"; - } else { - project_name = "OpenRTE"; - } - str = opal_show_help_string("help-orterun.txt", "orterun:version", - false, - myglobals.basename, project_name, OPAL_VERSION, - PACKAGE_BUGREPORT); - if (NULL != str) { - printf("%s", str); - free(str); - } - exit(0); - } - - /* Check for help request */ - if (myglobals.help) { - char *str, *args = NULL; - char *project_name = NULL; - if (0 == strcmp(myglobals.basename, "ompi-submit")) { - project_name = "Open MPI"; - } else { - project_name = "OpenRTE"; - } - args = opal_cmd_line_get_usage_msg(cmd_line); - str = opal_show_help_string("help-orterun.txt", "orterun:usage", false, - myglobals.basename, project_name, OPAL_VERSION, - myglobals.basename, args, - PACKAGE_BUGREPORT); - if (NULL != str) { - printf("%s", str); - free(str); - } - free(args); - - /* If someone asks for help, that should be all we do */ - exit(0); - } - /* check for request to report pid */ if (NULL != myglobals.report_pid) { FILE *fp;