Verified Commit 91a5f1bd authored by Aral Balkan

Closes #194: refuse to launch if run from root account (not sudo)

parent 6d347f91
......@@ -31,6 +31,7 @@ This release implements a lot of small improvements, some of which have been lon
#### Security:
- Site.js will now refuse to serve the root or home directory for security reasons (#178).
- Site.js will now refuse to run if started from the root account for security reasons (#194).
#### Documentation:
......
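Review bot: The added changelog entry for #194 says Site.js refuses to run "if started from the root account" but does not say that launching through sudo is still accepted, which is the distinction the commit title draws ("not sudo") and the code implements via `SUDO_USER`. Consider wording it as "if started directly from the root account (running via sudo is still allowed)" so readers do not conclude that sudo invocations are now rejected.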
......@@ -257,6 +257,15 @@ class Site {
// Introduce ourselves.
Site.logAppNameAndVersion()
// Refuse to run if this is the root account.
if (process.env.USER === 'root' && process.env.SUDO_USER === undefined) {
// This is an attempt to run Site.js from the root account.
// Reject for security reasons.
console.log(`\n ❌ ${clr('❨site.js❩ Error:', 'red')} Refusing to run from the root account for security reasons.\n`)
console.log(` ${clr('Please create and use an account with regular privileges to run Site.js.', 'yellow')}\n`)
process.exit(1)
}
this.eventEmitter = new EventEmitter()
// Ensure that the settings directory exists and create it if it doesn’t.
......
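Review bot: The root check in the added `if` relies only on the environment variables `USER` and `SUDO_USER`, which are supplied by the calling environment rather than derived from the process's actual user ID, so the condition does not reliably reflect the account the process runs as. A process running with uid 0 whose environment does not have `USER` set to `root` passes the check, and any defined `SUDO_USER` value suppresses it. Consider basing the decision on `process.getuid() === 0` (where that function is available) and using the environment variables only to tell a sudo invocation apart from a direct root login. As a smaller point, the two messages are written with `console.log` although the process then exits with status 1; `console.error` would keep the error text on stderr.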