From 723e099972c16458af79ec0a86097d58576725d6 Mon Sep 17 00:00:00 2001 From: Katarina Behrens Date: Fri, 12 Jun 2015 14:03:35 +0200 Subject: Don't let root run unopkg without --shared option with the exception of -h|--help. It only makes sense to run unopkg with root priviledges if adding, deleting etc. extensions system-wide for all users (i.e with --shared switch ). In all other cases it only messes up access rights to extensions, so prevent that. Furtheron, running LibO from the root account (and installing root-user-local extensions) is not a supported scenario. Change-Id: I2817f62ae0bb400cefed240e792873f563fbe76e Reviewed-on: https://gerrit.libreoffice.org/16250 Reviewed-by: Thorsten Behrens Tested-by: Thorsten Behrens --- desktop/scripts/unopkg.sh | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'desktop/scripts') diff --git a/desktop/scripts/unopkg.sh b/desktop/scripts/unopkg.sh index a9d43bf90220..6deb032bb12a 100755 --- a/desktop/scripts/unopkg.sh +++ b/desktop/scripts/unopkg.sh @@ -49,17 +49,32 @@ AIX) ;; esac +HELP_MODE=0 +SHARED_MODE=0 #collect all bootstrap variables specified on the command line #so that they can be passed as arguments to javaldx later on for arg in $@ do case "$arg" in -env:*) BOOTSTRAPVARS=$BOOTSTRAPVARS" ""$arg";; - --shared) umask 0022;; + --shared) + umask 0022 + SHARED_MODE=1 + ;; # make sure shared extensions will be readable by all users + -h|--help) HELP_MODE=1;; esac done +# we don't really want root to run unopkg without --shared option +if [ "$EUID" -eq 0 ]; then + # but we might at least let him read help + if [ $SHARED_MODE -eq 0 ] && [ $HELP_MODE -eq 0 ]; then + echo "Cannot run '${0} $*' as root (did you forget --shared option?)" + exit 1 + fi +fi + # extend the ld_library_path for java: javaldx checks the sofficerc for us if [ -x "${sd_prog}/javaldx" ] ; then my_path=`"${sd_prog}/javaldx" $BOOTSTRAPVARS \ -- cgit