rc: let our shells only be usable by root

opnsense · Feb 6, 2018 · 7753430 · 7753430
1 parent ea0d0e5
commit 7753430
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 2 deletions.
diff --git a/src/etc/rc.importer b/src/etc/rc.importer
@@ -27,6 +27,11 @@
 INSTALL="/.probe.for.install.media"
 MNT="/tmp/hdrescue"
 
+if [ "$(id -u)" != "0" ]; then
+	echo "Must be root."
+	exit 1
+fi
+
 bootstrap_and_exit()
 {
 	# ensure config directory structure

diff --git a/src/etc/rc.initial b/src/etc/rc.initial
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright (c) 2014-2017 Franco Fichtner <franco@opnsense.org>
+# Copyright (c) 2014-2018 Franco Fichtner <franco@opnsense.org>
 # Copyright (c) 2004-2011 Scott Ullrich <sullrich@gmail.com>
 # Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>
 # All rights reserved.
@@ -9,6 +9,11 @@
 trap : 2
 trap : 3
 
+if [ "$(id -u)" != "0" ]; then
+	echo "Must be root."
+	exit 1
+fi
+
 # shell started with parameters, passthrough to real shell
 if [ -n "${*}" ]; then
 	/bin/csh "${@}"

diff --git a/src/etc/rc.installer b/src/etc/rc.installer
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright (c) 2014-2017 Franco Fichtner <franco@opnsense.org>
+# Copyright (c) 2014-2018 Franco Fichtner <franco@opnsense.org>
 # Copyright (c) 2004-2009 Scott Ullrich <sullrich@gmail.com>
 #
 # Redistribution and use in source and binary forms, with or without
@@ -24,6 +24,11 @@
 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
 
+if [ "$(id -u)" != "0" ]; then
+	echo "Must be root."
+	exit 1
+fi
+
 sysctl kern.geom.debugflags=16 >/dev/null
 sysctl net.link.ether.inet.log_arp_wrong_iface=0 >/dev/null