Subject: bin/11103: userdel will gleefully delete anything with -r
To: None <gnats-bugs@gnats.netbsd.org>
From: Charlie Root <root@garbled.net>
List: netbsd-bugs
Date: 09/30/2000 08:47:22
>Number:         11103
>Category:       bin
>Synopsis:       userdel will gleefully delete anything with -r
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Sep 30 08:53:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Tim Rightnour
>Release:        1.5ALPHA2<NetBSD-current source date>
>Organization:
	
>Environment:
	
System: NetBSD polaris 1.3.2 NetBSD 1.3.2 (POLARIS) #1: Fri Nov 6 07:41:34 MST 1998 root@:/usr/src/sys/arch/i386/compile/POLARIS i386


>Description:
Userdel will gleefully wipe out any directory handed to it, recursively, when
used with the -r option.  Including such favorites as /, and /root.  While
we do "supply the rope", in this case, perhaps we supply a bit too much rope.

	
>How-To-Repeat:
code inspection, or..  delete toor with -r..
	
>Fix:
It should run some basic checks:

1) directory should be two components, the first not being /usr or /var, and
the second being the username.

2) it should su to the user before deleting the directory, and check the
ownership of the directory.

3) it should refuse to delete user's homedirs whose UID is 0.

While these checks are imperfect.. they are far better than some poor
unsuspecting newbie blasting /root on a machine deleting toor.  In these cases
the user should be deleted, and a message like:
User's home directory possibly unsafe.  Please check and manually remove.
should be printed.  In the very least.. it should never, ever, remove /, or
/root.  Perhaps it should even do a -xdev on the rm.
	
>Release-Note:
>Audit-Trail:
>Unformatted: