From 609a81639436a950dfe9be5b361d303667896741 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Sun, 12 Nov 2023 19:24:59 +0100
Subject: pam_mkhomedir: enforce absolute home directories

Encountering a relative home directory can only mean troubles.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---
 modules/pam_mkhomedir/mkhomedir_helper.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/pam_mkhomedir/mkhomedir_helper.c b/modules/pam_mkhomedir/mkhomedir_helper.c
index 58195788..fac48a1f 100644
--- a/modules/pam_mkhomedir/mkhomedir_helper.c
+++ b/modules/pam_mkhomedir/mkhomedir_helper.c
@@ -362,6 +362,11 @@ main(int argc, char *argv[])
    if (home_mode == 0)
       home_mode = 0777 & ~u_mask;
 
+   if (pwd->pw_dir[0] != '/') {
+      pam_syslog(NULL, LOG_ERR, "Relative home directory %s", pwd->pw_dir);
+      return PAM_SESSION_ERR;
+   }
+
    /* Stat the home directory, if something exists then we assume it is
       correct and return a success */
    if (stat(pwd->pw_dir, &st) == 0)
-- 
cgit v1.2.3