Created attachment 88513 [details] patch The check we have in place against deleting the root user can be tricked by exploiting the fact that we are checking a gint64, and then later cast it to a uid_t. This can be seen with the following test, which will delete your root account: qdbus --system org.freedesktop.Accounts /org/freedesktop/Accounts \ org.freedesktop.Accounts.DeleteUser -9223372036854775808 true Found with the dfuzzer tool, https://github.com/matusmarhefka/dfuzzer
thanks, pushed!
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.