[git commit] deluser: check if specified home is a directory before removing it

Denys Vlasenko vda.linux at googlemail.com
Tue Jun 9 16:04:31 UTC 2020


commit: https://git.busybox.net/busybox/commit/?id=0356607264b8e1476d98a81667488ba1d6295d23
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

On Alpine, some users use /dev/null as a home directory. When removing
such a user with `deluser --remove-home` this causes the /dev/null
device file to be removed which is undesirable. To prevent this pitfall,
check if the home directory specified for the user is an actual
directory (or a symlink to a directory).

Implementations of similar tools for other operating systems also
implement such checks. For instance, the OpenBSD rmuser(1)
implementation [0].

[0]: https://github.com/openbsd/src/blob/b69faa6c70c5bfcfdddc6138cd8e0ee18cc15b03/usr.sbin/adduser/rmuser.perl#L143-L151

function                                             old     new   delta
deluser_main                                         337     380     +43

Signed-off-by: Sören Tempel <soeren+git at soeren-tempel.net>
Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 loginutils/deluser.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/loginutils/deluser.c b/loginutils/deluser.c
index 56bc7eaa6..8e7df737c 100644
--- a/loginutils/deluser.c
+++ b/loginutils/deluser.c
@@ -99,8 +99,14 @@ int deluser_main(int argc, char **argv)
 			pfile = bb_path_passwd_file;
 			if (ENABLE_FEATURE_SHADOWPASSWDS)
 				sfile = bb_path_shadow_file;
-			if (opt_delhome)
-				remove_file(pw->pw_dir, FILEUTILS_RECUR);
+			if (opt_delhome) {
+				struct stat st;
+
+				/* Make sure home is an actual directory before
+				 * removing it (e.g. users with /dev/null as home) */
+				if (stat(pw->pw_dir, &st) == 0 && S_ISDIR(st.st_mode))
+					remove_file(pw->pw_dir, FILEUTILS_RECUR);
+			}
 		} else {
 			struct group *gr;
  do_delgroup:


More information about the busybox-cvs mailing list