deluser: check if specified home is a directory before removing it

On Alpine, some users use /dev/null as a home directory. When removing
such a user with `deluser --remove-home` this causes the /dev/null
device file to be removed which is undesirable. To prevent this pitfall,
check if the home directory specified for the user is an actual
directory (or a symlink to a directory).

Implementations of similar tools for other operating systems also
implement such checks. For instance, the OpenBSD rmuser(1)
implementation [0].

[0]: b69faa6c70/usr.sbin/adduser/rmuser.perl (L143-L151)

function                                             old     new   delta
deluser_main                                         337     380     +43

Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Sören Tempel 2020-06-09 17:51:26 +02:00 committed by Denys Vlasenko
parent d30d1ebc11
commit 0356607264

View File

@ -99,8 +99,14 @@ int deluser_main(int argc, char **argv)
pfile = bb_path_passwd_file; pfile = bb_path_passwd_file;
if (ENABLE_FEATURE_SHADOWPASSWDS) if (ENABLE_FEATURE_SHADOWPASSWDS)
sfile = bb_path_shadow_file; sfile = bb_path_shadow_file;
if (opt_delhome) if (opt_delhome) {
remove_file(pw->pw_dir, FILEUTILS_RECUR); struct stat st;
/* Make sure home is an actual directory before
* removing it (e.g. users with /dev/null as home) */
if (stat(pw->pw_dir, &st) == 0 && S_ISDIR(st.st_mode))
remove_file(pw->pw_dir, FILEUTILS_RECUR);
}
} else { } else {
struct group *gr; struct group *gr;
do_delgroup: do_delgroup: