github-mirrors/logstash
1
0
Fork 0
mirror of https://github.com/elastic/logstash.git synced 2025-06-28 01:37:28 -04:00
Code Issues Projects Releases Packages Wiki Activity

skip allow_superuser in Windows OS (#16629)

Browse source 
As user id is always zero in Windows,
this commit excluded the checking of running as root in Windows.
This commit is contained in:
kaisecheng 2024-11-05 15:37:19 +00:00 committed by GitHub
parent 113585d4a5
commit 5847d77331
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 43 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

2
config/logstash.yml
View file

@ -320,7 +320,7 @@
# #
# ------------ Other Settings -------------- # ------------ Other Settings --------------
# #
# Allow or block running Logstash as superuser (default: true) # Allow or block running Logstash as superuser (default: true). Windows are excluded from the checking
# allow_superuser: false # allow_superuser: false
# #
# Where to find custom plugins # Where to find custom plugins

2
logstash-core/lib/logstash/runner.rb
View file

@ -454,6 +454,8 @@ class LogStash::Runner < Clamp::StrictCommand
end # def self.main end # def self.main
def running_as_superuser def running_as_superuser
return if LogStash::Environment.windows? # windows euid always returns 0, skip checking
if Process.euid() == 0 if Process.euid() == 0
if setting("allow_superuser") if setting("allow_superuser")
logger.warn("NOTICE: Allowing Logstash to run as superuser is heavily discouraged as it poses a security risk. " + logger.warn("NOTICE: Allowing Logstash to run as superuser is heavily discouraged as it poses a security risk. " +

70
logstash-core/spec/logstash/runner_spec.rb
View file

@ -574,41 +574,51 @@ describe LogStash::Runner do
let(:deprecation_logger_stub) { double("DeprecationLogger").as_null_object } let(:deprecation_logger_stub) { double("DeprecationLogger").as_null_object }
before(:each) { allow(runner).to receive(:deprecation_logger).and_return(deprecation_logger_stub) } before(:each) { allow(runner).to receive(:deprecation_logger).and_return(deprecation_logger_stub) }
context "unintentionally running logstash as superuser" do if LogStash::Environment.windows?
before do context "unintentionally running logstash as superuser" do
expect(Process).to receive(:euid).and_return(0) it "runs successfully" do
end LogStash::SETTINGS.set("allow_superuser", false)
it "fails with bad exit" do expect(logger).not_to receive(:fatal)
LogStash::SETTINGS.set("allow_superuser", false) expect { subject.run(args) }.not_to raise_error
expect(logger).to receive(:fatal) do |msg, hash| end
expect(msg).to eq("An unexpected error occurred!") end
expect(hash[:error].to_s).to match("Logstash cannot be run as superuser.") else
context "unintentionally running logstash as superuser" do
before do
expect(Process).to receive(:euid).and_return(0)
end
it "fails with bad exit" do
LogStash::SETTINGS.set("allow_superuser", false)
expect(logger).to receive(:fatal) do |msg, hash|
expect(msg).to eq("An unexpected error occurred!")
expect(hash[:error].to_s).to match("Logstash cannot be run as superuser.")
end
expect(subject.run(args)).to eq(1)
end end
expect(subject.run(args)).to eq(1)
end end
end
context "intentionally running logstash as superuser " do context "intentionally running logstash as superuser " do
before do before do
expect(Process).to receive(:euid).and_return(0) expect(Process).to receive(:euid).and_return(0)
end
it "runs successfully with warning message" do
LogStash::SETTINGS.set("allow_superuser", true)
expect(logger).not_to receive(:fatal)
expect(logger).to receive(:warn).with(/NOTICE: Allowing Logstash to run as superuser is heavily discouraged as it poses a security risk./)
expect { subject.run(args) }.not_to raise_error
end
end end
it "runs successfully with warning message" do
LogStash::SETTINGS.set("allow_superuser", true)
expect(logger).not_to receive(:fatal)
expect(logger).to receive(:warn).with(/NOTICE: Allowing Logstash to run as superuser is heavily discouraged as it poses a security risk./)
expect { subject.run(args) }.not_to raise_error
end
end
context "running logstash as non-root " do context "running logstash as non-root " do
before do before do
expect(Process).to receive(:euid).and_return(100) expect(Process).to receive(:euid).and_return(100)
end end
it "runs successfully without any messages" do it "runs successfully without any messages" do
LogStash::SETTINGS.set("allow_superuser", false) LogStash::SETTINGS.set("allow_superuser", false)
expect(logger).not_to receive(:fatal) expect(logger).not_to receive(:fatal)
expect(logger).not_to receive(:warn).with(/NOTICE: Allowing Logstash to run as superuser is heavily discouraged as it poses a security risk./) expect(logger).not_to receive(:warn).with(/NOTICE: Allowing Logstash to run as superuser is heavily discouraged as it poses a security risk./)
expect { subject.run(args) }.not_to raise_error expect { subject.run(args) }.not_to raise_error
end
end end
end end
end end