[checkmk-commits] Make a more secure check for existing chroot user

Module: check_mk Branch: master Commit: 770ce6172598994a608be2b4584f2c2c2f2d5688 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=770ce617259899… Author: Jukka Aro &lt;ja(a)mathias-kettner.de&gt; Date: Mon Oct 23 08:26:02 2017 +0200 Make a more secure check for existing chroot user Only match the exact username within word boundaries. Prevents accidental matches with substrings especially with our two-character usernames that can match almost whatever in /etc/passwd. Change-Id: I2053e484462f7a6de1891f0076003658dbc3ec46 --- agents/windows/make-chroot | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/agents/windows/make-chroot b/agents/windows/make-chroot index 1236f0c..df319a9 100755 --- a/agents/windows/make-chroot +++ b/agents/windows/make-chroot @@ -148,8 +148,9 @@ if [ ! -h $CHROOT_PATH/usr/bin/python ] ; then ln -sf python2.7 $CHROOT_PATH/usr/bin/python fi -# Add user for building windows agent without root privileges -if ! grep -q $SUDO_USER "$CHROOT_PATH/etc/passwd" ; then +# Add user for building windows agent without root privileges. +# Check that user does not exist before since SUDO_USER may be root, as well. +if ! grep -q "\<${SUDO_USER}\>" "$CHROOT_PATH/etc/passwd" ; then ./do-chroot "useradd -lmo -u $(id -u $SUDO_USER) -s /bin/bash $SUDO_USER" fi