pam_mkhomedir: enforce absolute home directories

Encountering a relative home directory can only mean troubles. Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
author: Tobias Stoeckmann <tobias@stoeckmann.org> 2023-11-12 19:24:59 +0100
committer: Dmitry V. Levin <ldv@strace.io> 2023-11-29 15:40:53 +0000
commit: 609a81639436a950dfe9be5b361d303667896741 (patch)
tree: 54134ef577ddf7bc63cd0f6f7996bf6d915d19b9
parent: d1d94d7bdd5da640055b624ac4047c3c2621a23d (diff)
download: pam-609a81639436a950dfe9be5b361d303667896741.tar.gz
pam-609a81639436a950dfe9be5b361d303667896741.tar.bz2
pam-609a81639436a950dfe9be5b361d303667896741.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c
index 58195788..fac48a1f 100644
--- a/modules/pam_mkhomedir/mkhomedir_helper.c
+++ b/modules/pam_mkhomedir/mkhomedir_helper.c
@@ -362,6 +362,11 @@ main(int argc, char *argv[])
    if (home_mode == 0)
       home_mode = 0777 & ~u_mask;
 
+   if (pwd->pw_dir[0] != '/') {
+      pam_syslog(NULL, LOG_ERR, "Relative home directory %s", pwd->pw_dir);
+      return PAM_SESSION_ERR;
+   }
+
    /* Stat the home directory, if something exists then we assume it is
       correct and return a success */
    if (stat(pwd->pw_dir, &st) == 0)
author	Tobias Stoeckmann <tobias@stoeckmann.org>	2023-11-12 19:24:59 +0100
committer	Dmitry V. Levin <ldv@strace.io>	2023-11-29 15:40:53 +0000
commit	609a81639436a950dfe9be5b361d303667896741 (patch)
tree	54134ef577ddf7bc63cd0f6f7996bf6d915d19b9
parent	d1d94d7bdd5da640055b624ac4047c3c2621a23d (diff)
download	pam-609a81639436a950dfe9be5b361d303667896741.tar.gz pam-609a81639436a950dfe9be5b361d303667896741.tar.bz2 pam-609a81639436a950dfe9be5b361d303667896741.zip