Prevent backing up dom0 to itself (in home dir)

alimirjamali · alimirjamali · commit e802ee9f2fe2 · 2025-09-18T22:51:13.000+03:30
resolves: QubesOS/qubes-issues#10127
diff --git a/qubes/backup.py b/qubes/backup.py
@@ -28,6 +28,7 @@
 import itertools
 import logging
 import os
+from pathlib import Path
 import pwd
 import shutil
 import stat
@@ -452,6 +453,14 @@ def get_files_to_backup(self):
         if 0 in [vm.qid for vm in self.vms_for_backup]:
             local_user = grp.getgrnam("qubes").gr_mem[0]
             home_dir = pwd.getpwnam(local_user).pw_dir
+
+            # Checking if target is not user home directory in dom0
+            if self.target_dir in ["", "~", None] \
+                    or Path(self.target_dir).is_relative_to(home_dir):
+                raise qubes.exc.QubesException(
+                    "Can not backup dom0 home directory to itself!"
+                )
+
             # Home dir should have only user-owned files, so fix it now
             # to prevent permissions problems - some root-owned files can
             # left after 'sudo bash' and similar commands
diff --git a/qubes/tests/integ/backup.py b/qubes/tests/integ/backup.py
@@ -198,7 +198,12 @@ def make_backup(self, vms, target=None, expect_failure=False, **kwargs):
         if target is None:
             target = self.backupdir
         try:
-            backup = qubes.backup.Backup(self.app, vms, **kwargs)
+            backup = qubes.backup.Backup(
+                self.app,
+                vms,
+                target_dir=target,
+                **kwargs
+            )
         except qubes.exc.QubesException as e:
             if not expect_failure:
                 self.fail("QubesException during backup_prepare: %s" % str(e))
@@ -575,6 +580,14 @@ def test_100_backup_dom0_no_restore(self):
         self.make_backup([self.app.domains[0]])
         # TODO: think of some safe way to test restore...
 
+    def test_101_backup_dom0_to_homedir(self):
+        # Test of backup into dom0 home itself results in error...
+        with self.assertRaises(qubes.exc.QubesException):
+            self.make_backup([self.app.domains[0]])
+        with self.assertRaises(qubes.exc.QubesException):
+            self.backupdir = os.environ["HOME"]
+            self.make_backup([self.app.domains[0]])
+
     def test_200_restore_over_existing_directory(self):
         """
         Regression test for #1386
