On 6/9/20 12:44 PM, soe...@soeren-tempel.net wrote: > From: Sören Tempel <soeren+...@soeren-tempel.net> > > On Alpine, some users use /dev/null as a home directory. When removing > such a user with `deluser --remove-home` this causes the /dev/null > device file to be removed which is undesirable. To prevent this pitfall, > check if the home directory specified for the user is an actual > directory (or a symlink to a directory). > > Implementations of similar tools for other operating systems also > implement such checks. For instance, the OpenBSD rmuser(1) > implementation [0]. > > [0]: > https://github.com/openbsd/src/blob/b69faa6c70c5bfcfdddc6138cd8e0ee18cc15b03/usr.sbin/adduser/rmuser.perl#L143-L151 > --- > loginutils/deluser.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > > diff --git a/loginutils/deluser.c b/loginutils/deluser.c > index 56bc7eaa6..633958b9c 100644 > --- a/loginutils/deluser.c > +++ b/loginutils/deluser.c > @@ -99,8 +99,16 @@ int deluser_main(int argc, char **argv) > pfile = bb_path_passwd_file; > if (ENABLE_FEATURE_SHADOWPASSWDS) > sfile = bb_path_shadow_file; > - if (opt_delhome) > - remove_file(pw->pw_dir, FILEUTILS_RECUR); > + if (opt_delhome) { > + struct stat st; > + > + /* Make sure home is an actual directory before > + * removing it (e.g. users with /dev/null as > home) */ > + if (stat(pw->pw_dir, &st)) > + bb_error_msg_and_die("can't stat '%s'", > pw->pw_dir); Hi, use xstat(pw->pw_dir, &st); > + if (S_ISDIR(st.st_mode)) > + remove_file(pw->pw_dir, > FILEUTILS_RECUR); > + } > } else { > struct group *gr; > do_delgroup:
Ciao, Tito _______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
