From c0cec4603b6114ec7c8aeef7b170b85bc259208d Mon Sep 17 00:00:00 2001
From: Sylvestre Ledru <sylvestre@debian.org>
Date: Wed, 22 Mar 2023 14:02:43 +0100
Subject: [PATCH] Prevent sccache-dist from running as root

---
 src/bin/sccache-dist/main.rs | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/bin/sccache-dist/main.rs b/src/bin/sccache-dist/main.rs
index 16f262291..9d6023854 100644
--- a/src/bin/sccache-dist/main.rs
+++ b/src/bin/sccache-dist/main.rs
@@ -25,6 +25,12 @@ use std::sync::atomic::{AtomicUsize, Ordering};
 use std::sync::{Mutex, MutexGuard};
 use std::time::{Duration, Instant};
 
+#[cfg(any(
+    all(target_os = "linux", target_arch = "x86_64"),
+    target_os = "freebsd"
+))]
+use libc::{geteuid, uid_t};
+
 #[cfg_attr(target_os = "freebsd", path = "build_freebsd.rs")]
 mod build;
 
@@ -35,12 +41,27 @@ use cmdline::{AuthSubcommand, Command};
 
 pub const INSECURE_DIST_SERVER_TOKEN: &str = "dangerously_insecure_server";
 
+#[cfg(any(
+    all(target_os = "linux", target_arch = "x86_64"),
+    target_os = "freebsd"
+))]
+fn exit_if_root() {
+    let euid: uid_t = unsafe { geteuid() };
+
+    if euid == 0 {
+        println!("This program should not be executed as root.");
+        std::process::exit(1);
+    }
+}
+
 // Only supported on x86_64 Linux machines and on FreeBSD
 #[cfg(any(
     all(target_os = "linux", target_arch = "x86_64"),
     target_os = "freebsd"
 ))]
 fn main() {
+    exit_if_root();
+
     init_logging();
 
     let incr_env_strs = ["CARGO_BUILD_INCREMENTAL", "CARGO_INCREMENTAL"];