#3901 sssd returns '/' for emtpy home directories
Closed: Fixed 3 months ago Opened 3 months ago by thalman.

sssd returns '/' for emtpy home directories which could create security issues as users might not get trapped in a directory.

Using the following:

#include <stdio.h>
#include <sys/types.h>
#include <pwd.h>

int main(int argc, char *argv[])
{
    if (argc > 1) {
        struct passwd *pwd;

        pwd = getpwnam(argv[1]);
        if (pwd != NULL) {
            printf("%s homedir: '%s'\n",
                   pwd->pw_name,
                   pwd->pw_dir);
        }

    }

    return 0;
}
$ ./a.out eviluser16798
eviluser16798 homedir: ''
$ sssd 
$ ./a.out eviluser16798
eviluser16798 homedir: '/'

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1652719

3 months ago

Metadata Update from @jhrozek:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 months ago

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 2.1

3 months ago

Login to comment on this ticket.

Metadata