From 3ce8d95ba1b3ab4e881f403929e9d4c4a4d3b234 Mon Sep 17 00:00:00 2001 From: Vivian Fang Date: Fri, 19 Feb 2016 14:39:22 -0800 Subject: [PATCH 1/5] refuse to run as root user --- notebook/notebookapp.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/notebook/notebookapp.py b/notebook/notebookapp.py index cd514fc53..179b699d9 100644 --- a/notebook/notebookapp.py +++ b/notebook/notebookapp.py @@ -346,6 +346,11 @@ flags['no-mathjax']=( """ ) +flags['allow-root']=( + {'NotebookApp' : {'allow_root' : True}}, + "Allow the notebook to be run from root user." +) + # Add notebook manager flags flags.update(boolean_flag('script', 'FileContentsManager.save_script', 'DEPRECATED, IGNORED', @@ -445,6 +450,10 @@ class NotebookApp(JupyterApp): help="Set the Access-Control-Allow-Credentials: true header" ) + allow_root = Bool(False, config=False, + help="Whether to allow the user to run the notebook as root." + ) + default_url = Unicode('/tree', config=True, help="The default URL to redirect to from `/`" ) @@ -1100,6 +1109,13 @@ class NotebookApp(JupyterApp): This method takes no arguments so all configuration and initialization must be done prior to calling this method.""" + try: + if os.geteuid() == 0 and not self.allow_root: + self.log.critical("Running as root is forbidden. Use --allow-root to bypass.") + self.exit(1) + except OSError as e: + pass + super(NotebookApp, self).start() info = self.log.info From 1d01627cece10c10a0d9a56b7950031b5e975841 Mon Sep 17 00:00:00 2001 From: Vivian Fang Date: Fri, 19 Feb 2016 20:13:27 -0800 Subject: [PATCH 2/5] making allow-root a valid flag --- notebook/notebookapp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/notebook/notebookapp.py b/notebook/notebookapp.py index 179b699d9..73270e710 100644 --- a/notebook/notebookapp.py +++ b/notebook/notebookapp.py @@ -450,7 +450,7 @@ class NotebookApp(JupyterApp): help="Set the Access-Control-Allow-Credentials: true header" ) - allow_root = Bool(False, config=False, + allow_root = Bool(False, config=True, help="Whether to allow the user to run the notebook as root." ) From 349a7f062e322ab5528f225769a4abc0ea13d95d Mon Sep 17 00:00:00 2001 From: Vivian Fang Date: Sat, 20 Feb 2016 12:40:41 -0800 Subject: [PATCH 3/5] changing OSError to be AttributeError (for windows) --- notebook/notebookapp.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/notebook/notebookapp.py b/notebook/notebookapp.py index 73270e710..96646cbe6 100644 --- a/notebook/notebookapp.py +++ b/notebook/notebookapp.py @@ -1113,8 +1113,8 @@ class NotebookApp(JupyterApp): if os.geteuid() == 0 and not self.allow_root: self.log.critical("Running as root is forbidden. Use --allow-root to bypass.") self.exit(1) - except OSError as e: - pass + except AttributeError as e: + pass #need to add Windows super(NotebookApp, self).start() From 43ff9535028fd224b79dec5d2859eb4a82d8a4af Mon Sep 17 00:00:00 2001 From: Vivian Fang Date: Sat, 20 Feb 2016 12:46:45 -0800 Subject: [PATCH 4/5] adding windows user check --- notebook/notebookapp.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/notebook/notebookapp.py b/notebook/notebookapp.py index 96646cbe6..fa6724c4b 100644 --- a/notebook/notebookapp.py +++ b/notebook/notebookapp.py @@ -1110,11 +1110,13 @@ class NotebookApp(JupyterApp): This method takes no arguments so all configuration and initialization must be done prior to calling this method.""" try: - if os.geteuid() == 0 and not self.allow_root: - self.log.critical("Running as root is forbidden. Use --allow-root to bypass.") - self.exit(1) + is_root = os.geteuid() == 0 except AttributeError as e: - pass #need to add Windows + import ctypes + is_root = ctypes.windll.shell32.IsUserAnAdmin() == 1 + if is_root and not self.allow_root: + self.log.critical("Running as root is forbidden. Use --allow-root to bypass.") + self.exit(1) super(NotebookApp, self).start() From a11f81a1a95c5c4491d87c5280414b49e37e1973 Mon Sep 17 00:00:00 2001 From: Vivian Fang Date: Sat, 20 Feb 2016 13:31:21 -0800 Subject: [PATCH 5/5] removing windows check, changing error message wording --- notebook/notebookapp.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/notebook/notebookapp.py b/notebook/notebookapp.py index fa6724c4b..dc820d6dc 100644 --- a/notebook/notebookapp.py +++ b/notebook/notebookapp.py @@ -1110,13 +1110,11 @@ class NotebookApp(JupyterApp): This method takes no arguments so all configuration and initialization must be done prior to calling this method.""" try: - is_root = os.geteuid() == 0 + if os.geteuid() == 0: + self.log.critical("Running as root is not recommended. Use --allow-root to bypass.") + self.exit(1) except AttributeError as e: - import ctypes - is_root = ctypes.windll.shell32.IsUserAnAdmin() == 1 - if is_root and not self.allow_root: - self.log.critical("Running as root is forbidden. Use --allow-root to bypass.") - self.exit(1) + pass super(NotebookApp, self).start()