From a9b7e9e368e79957ef492304bf62742b1304b7bb Mon Sep 17 00:00:00 2001

From: Matthias Clasen <mclasen@redhat.com>

Date: Fri, 1 Nov 2013 17:09:25 -0400

Subject: [PATCH] Avoid deleting the root user

The check we have in place against deleting the root user can

be tricked by exploiting the fact that we are checking a gint64,

and then later cast it to a uid_t. This can be seen with the

following test, which will delete your root account:

qdbus --system org.freedesktop.Accounts /org/freedesktop/Accounts \

     org.freedesktop.Accounts.DeleteUser -9223372036854775808 true

Found with the dfuzzer tool,

https://github.com/matusmarhefka/dfuzzer

---

 src/daemon.c | 6 +++---

 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/daemon.c b/src/daemon.c

index 9c9f617..b2720f4 100644

--- a/src/daemon.c

+++ b/src/daemon.c

@@ -1232,7 +1232,7 @@ daemon_uncache_user (AccountsAccounts      *accounts,

 }

 typedef struct {

-        gint64 uid;

+        uid_t uid;

         gboolean remove_files;

 } DeleteUserData;

@@ -1314,13 +1314,13 @@ daemon_delete_user (AccountsAccounts      *accounts,

         Daemon *daemon = (Daemon*)accounts;

         DeleteUserData *data;

-        if (uid == 0) {

+        if ((uid_t)uid == 0) {

                 throw_error (context, ERROR_FAILED, "Refuse to delete root user");

                 return TRUE;

         }

         data = g_new0 (DeleteUserData, 1);

-        data->uid = uid;

+        data->uid = (uid_t)uid;

         data->remove_files = remove_files;

         daemon_local_check_auth (daemon,

-- 

1.8.4.2