Don't look for weston.ini in the current working directory

It's a bit surprising that Weston looks different when launched from the root of the git repo vs from elsewhere. But it's also technically a security vulnerability: if I launch it from a directory like /tmp, it might pick up a weston.ini created by another user, which could then load modules with arbitrary code. Basically, it's the same problem as including "." in $PATH. Signed-off-by: Dima Ryazanov <dima@gmail.com>
2018-11-14 22:55:22 -08:00
parent 61eb170b73
commit ad0d83bd6f
3 changed files with 3 additions and 10 deletions
@@ -27,7 +27,6 @@ server is started:
 .B  "weston/weston.ini in each"
 .BR "\ \ \ \ $XDG_CONFIG_DIR           " "(if $XDG_CONFIG_DIRS is set)"
 .BR "/etc/xdg/weston/weston.ini    " "(if $XDG_CONFIG_DIRS is not set)"
-.BR "<current dir>/weston.ini      " "(if no variables were set)"
 .fi
 .RE
 .PP
@@ -261,14 +261,12 @@ See
 .SH FILES
 .
 If the environment variable is set, the configuration file is read
-from the respective path, or the current directory if neither is set.
+from the respective path.
 .PP
 .BI $XDG_CONFIG_HOME /weston.ini
 .br
 .BI $HOME /.config/weston.ini
 .br
-.I ./weston.ini
-.br
 .
 .\" ***************************************************************
 .SH ENVIRONMENT