Merge pull request #143 from t8m/fedora

usermod: Guard against unsafe change of ownership of home contents
This commit is contained in:
Serge Hallyn 2019-04-21 16:56:36 -05:00 committed by GitHub
commit fbb59823c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -2313,7 +2313,10 @@ int main (int argc, char **argv)
} }
if (!mflg && (uflg || gflg)) { if (!mflg && (uflg || gflg)) {
if (access (dflg ? prefix_user_newhome : prefix_user_home, F_OK) == 0) { struct stat sb;
if (stat (dflg ? prefix_user_newhome : prefix_user_home, &sb) == 0 &&
((uflg && sb.st_uid == user_newid) || sb.st_uid == user_id)) {
/* /*
* Change the UID on all of the files owned by * Change the UID on all of the files owned by
* `user_id' to `user_newid' in the user's home * `user_id' to `user_newid' in the user's home