
List:       busybox
Subject:    Re: [PATCH v2] deluser: check if specified home is a directory before removing it
From:       Denys Vlasenko <vda.linux () googlemail ! com>
Date:       2020-06-09 16:05:41
Message-ID: CAK1hOcNxe07knar8k5Pq+cOudAmdvczdqeiF=tcFjjEuPnny_w () mail ! gmail ! com

Applied.

You want if (stat(pw->pw_dir, &st) == 0 && S_ISDIR(st.st_mode))
in this case: the directory may be deleted already, should not bomb
out in this case.

On Tue, Jun 9, 2020 at 5:52 PM <soeren@soeren-tempel.net> wrote:
> 
> From: Sören Tempel <soeren+git@soeren-tempel.net>
> 
> On Alpine, some users use /dev/null as a home directory. When removing
> such a user with `deluser --remove-home` this causes the /dev/null
> device file to be removed which is undesirable. To prevent this pitfall,
> check if the home directory specified for the user is an actual
> directory (or a symlink to a directory).
> 
> Implementations of similar tools for other operating systems also
> implement such checks. For instance, the OpenBSD rmuser(1)
> implementation [0].
> 
> [0]: https://github.com/openbsd/src/blob/b69faa6c70c5bfcfdddc6138cd8e0ee18cc15b03/usr.sbin/adduser/rmuser.perl#L143-L151
>                 
> ---
> loginutils/deluser.c | 11 +++++++++--
> 1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/loginutils/deluser.c b/loginutils/deluser.c
> index 56bc7eaa6..585e82090 100644
> --- a/loginutils/deluser.c
> +++ b/loginutils/deluser.c
> @@ -99,8 +99,15 @@ int deluser_main(int argc, char **argv)
> pfile = bb_path_passwd_file;
> if (ENABLE_FEATURE_SHADOWPASSWDS)
> sfile = bb_path_shadow_file;
> -                       if (opt_delhome)
> -                               remove_file(pw->pw_dir, FILEUTILS_RECUR);
> +                       if (opt_delhome) {
> +                               struct stat st;
> +
> +                               /* Make sure home is an actual directory before
> +                                * removing it (e.g. users with /dev/null as home) \
> */ +                               xstat(pw->pw_dir, &st);
> +                               if (S_ISDIR(st.st_mode))
> +                                       remove_file(pw->pw_dir, FILEUTILS_RECUR);
> +                       }
> } else {
> struct group *gr;
> do_delgroup:
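Review bot: the added `xstat(pw->pw_dir, &st);` call terminates the applet when the stat fails, so `deluser --remove-home` for a user whose home directory is already gone exits at this point instead of skipping the removal. Use the non-fatal form, `if (stat(pw->pw_dir, &st) == 0 && S_ISDIR(st.st_mode))`, and treat a failed stat as nothing to remove. Because stat() follows symlinks, a home that is a symlink to a directory still passes the check, as the commit message intends; the comment above the check could say so.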
> _______________________________________________
> busybox mailing list
> busybox@busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox