authorerg@google.com <erg@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2011-03-02 18:39:22 +0000
committererg@google.com <erg@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2011-03-02 18:39:22 +0000
commitd0aff40acbcf6714daef11e343f409bb11ea7678 (patch)
treedf07343e1a7cc0cf50d23e84896a080103065bfc
parentfc0f7aa679b48f458ecf4e207eefbceef429f063 (diff)
GTK: Refuse to run as root.
Running chrome with sudo will change the owner of chrome's config files. This is really bad and more people accidentally run 'sudo chrome' once and then screw their profile up. Inspired by a real life support case this morning and rereading jwz's take on the issue on evanm@'s blog. BUG=74594 TEST='sudo chrome' pops up a nice error message and all the files in the profile directory aren't owned by root. Review URL: http://codereview.chromium.org/6591083 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@76565 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/app/generated_resources.grd6
-rw-r--r--chrome/browser/browser_main_gtk.cc45
-rw-r--r--chrome/browser/browser_main_gtk.h1
3 files changed, 52 insertions, 0 deletions
diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index 05fdb85..e25618e 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -8076,6 +8076,12 @@ This web page was killed, either because Chrome ran out of memory, or you chose
<message name="IDS_COULDNT_OPEN_PROFILE_ERROR" desc="Error displayed on startup when the profile can not be opened correctly due to problems reading or writing files in it">
Your profile could not be opened correctly.\n\nSome features may be unavailable. Please check that the profile exists and you have permission to read and write its contents.
</message>
+ <message name="IDS_REFUSE_TO_RUN_AS_ROOT" desc="Short error message in displayed in an error dialog on startup if the user tries to run chrome as root">
+ <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> can not be run as root.
+ </message>
+ <message name="IDS_REFUSE_TO_RUN_AS_ROOT_2" desc="Detailed message in the error dialog when the user tries to start chrome as root">
+ Please start <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> as a normal user. If you have previously run <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> as root, you will need to change the ownership of your profile directory.
+ </message>
<!-- Can't write to user data directory dialog -->
<message name="IDS_CANT_WRITE_USER_DIRECTORY_TITLE" desc="Title of dialog that is displayed when we can't create a directory for this user.">
diff --git a/chrome/browser/browser_main_gtk.cc b/chrome/browser/browser_main_gtk.cc
index 017bbfa..fd73fcb 100644
--- a/chrome/browser/browser_main_gtk.cc
+++ b/chrome/browser/browser_main_gtk.cc
@@ -4,6 +4,7 @@
#include "chrome/browser/browser_main_gtk.h"
+#include <gtk/gtk.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
@@ -18,8 +19,13 @@
#include "chrome/common/result_codes.h"
#include "content/browser/renderer_host/render_sandbox_host_linux.h"
#include "content/browser/zygote_host_linux.h"
+#include "grit/chromium_strings.h"
+#include "grit/generated_resources.h"
+#include "ui/base/l10n/l10n_util.h"
+#include "ui/base/resource/resource_bundle.h"
#include "ui/base/x/x11_util.h"
#include "ui/base/x/x11_util_internal.h"
+#include "ui/gfx/gtk_util.h"
#if defined(USE_NSS)
#include "base/nss_util.h"
@@ -54,6 +60,8 @@ int BrowserX11IOErrorHandler(Display* d) {
} // namespace
void BrowserMainPartsGtk::PreEarlyInitialization() {
+ DetectRunningAsRoot();
+
BrowserMainPartsPosix::PreEarlyInitialization();
SetupSandbox();
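Review bot: The placement of `DetectRunningAsRoot();` ahead of `BrowserMainPartsPosix::PreEarlyInitialization()` is load-bearing but undocumented: the check only protects the profile if it runs before anything opens or creates files on the user's behalf. A one-line comment such as `// Must stay first: bail out before any code can create root-owned files.` would keep a later reorder from silently weakening it. The rest of `PreEarlyInitialization()` lies outside this hunk.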
@@ -64,6 +72,43 @@ void BrowserMainPartsGtk::PreEarlyInitialization() {
#endif
}
+void BrowserMainPartsGtk::DetectRunningAsRoot() {
+ if (geteuid() == 0) {
+ const CommandLine& command_line = *CommandLine::ForCurrentProcess();
+ gfx::GtkInitFromCommandLine(command_line);
+
+ // Get just enough of our resource machinery up so we can extract the
+ // locale appropriate string. Note that the GTK implementation ignores the
+ // passed in parameter and checks the LANG environment variables instead.
+ ResourceBundle::InitSharedInstance("");
+
+ std::string message = l10n_util::GetStringFUTF8(
+ IDS_REFUSE_TO_RUN_AS_ROOT,
+ l10n_util::GetStringUTF16(IDS_PRODUCT_NAME));
+ GtkWidget* dialog = gtk_message_dialog_new(
+ NULL,
+ static_cast<GtkDialogFlags>(0),
+ GTK_MESSAGE_ERROR,
+ GTK_BUTTONS_CLOSE,
+ "%s",
+ message.c_str());
+
+ message = l10n_util::GetStringFUTF8(
+ IDS_REFUSE_TO_RUN_AS_ROOT_2,
+ l10n_util::GetStringUTF16(IDS_PRODUCT_NAME));
+ gtk_message_dialog_format_secondary_text(GTK_MESSAGE_DIALOG(dialog),
+ "%s",
+ message.c_str());
+
+ message = l10n_util::GetStringUTF8(IDS_PRODUCT_NAME);
+ gtk_window_set_title(GTK_WINDOW(dialog), message.c_str());
+
+ gtk_dialog_run(GTK_DIALOG(dialog));
+ gtk_widget_destroy(dialog);
+ exit(EXIT_FAILURE);
+ }
+}
+
void BrowserMainPartsGtk::SetupSandbox() {
// TODO(evanm): move this into SandboxWrapper; I'm just trying to move this
// code en masse out of chrome_main for now.
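Review bot: The refusal in `DetectRunningAsRoot()` is reported only through a GTK dialog, so it is lost whenever GTK cannot come up for root: if `gfx::GtkInitFromCommandLine` cannot open the display (no `DISPLAY`, or root lacks X authorization; its failure behaviour is not visible here), the process presumably ends with a generic toolkit error and the user never learns why. Printing the reason to stderr before any toolkit work, e.g. `fprintf(stderr, "Refusing to run as root.\n");` (constructed wording; needs `<stdio.h>`) as the first statement inside `if (geteuid() == 0)`, gives a reliable fallback. GTK and `ResourceBundle` are also initialised while the effective uid is still 0, and under `sudo` `HOME` often still points at the invoking user's directory, so it is worth confirming that this start-up path does not itself leave root-owned files there. The result of `ResourceBundle::InitSharedInstance("")` is not checked either, so if no locale pack loads the dialog may presumably show empty text. `SetupSandbox()` continues past the end of the hunk.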
diff --git a/chrome/browser/browser_main_gtk.h b/chrome/browser/browser_main_gtk.h
index 0be39e7..39fb621 100644
--- a/chrome/browser/browser_main_gtk.h
+++ b/chrome/browser/browser_main_gtk.h
@@ -19,6 +19,7 @@ class BrowserMainPartsGtk : public BrowserMainPartsPosix {
virtual void PreEarlyInitialization() OVERRIDE;
private:
+ void DetectRunningAsRoot();
void SetupSandbox();
};