Don't look for weston.ini in the current working directory

It's a bit surprising that Weston looks different when launched from the root
of the git repo vs from elsewhere.

But it's also technically a security vulnerability: if I launch it from
a directory like /tmp, it might pick up a weston.ini created by another user,
which could then load modules with arbitrary code. Basically, it's the same
problem as including "." in $PATH.

Signed-off-by: Dima Ryazanov <dima@gmail.com>
dev
Dima Ryazanov 6 years ago
parent 61eb170b73
commit ad0d83bd6f
  1. 1
      man/weston.ini.man
  2. 4
      man/weston.man
  3. 8
      shared/config-parser.c

@ -27,7 +27,6 @@ server is started:
.B "weston/weston.ini in each" .B "weston/weston.ini in each"
.BR "\ \ \ \ $XDG_CONFIG_DIR " "(if $XDG_CONFIG_DIRS is set)" .BR "\ \ \ \ $XDG_CONFIG_DIR " "(if $XDG_CONFIG_DIRS is set)"
.BR "/etc/xdg/weston/weston.ini " "(if $XDG_CONFIG_DIRS is not set)" .BR "/etc/xdg/weston/weston.ini " "(if $XDG_CONFIG_DIRS is not set)"
.BR "<current dir>/weston.ini " "(if no variables were set)"
.fi .fi
.RE .RE
.PP .PP

@ -261,14 +261,12 @@ See
.SH FILES .SH FILES
. .
If the environment variable is set, the configuration file is read If the environment variable is set, the configuration file is read
from the respective path, or the current directory if neither is set. from the respective path.
.PP .PP
.BI $XDG_CONFIG_HOME /weston.ini .BI $XDG_CONFIG_HOME /weston.ini
.br .br
.BI $HOME /.config/weston.ini .BI $HOME /.config/weston.ini
.br .br
.I ./weston.ini
.br
. .
.\" *************************************************************** .\" ***************************************************************
.SH ENVIRONMENT .SH ENVIRONMENT

@ -75,8 +75,7 @@ open_config_file(struct weston_config *c, const char *name)
} }
/* Precedence is given to config files in the home directory, /* Precedence is given to config files in the home directory,
* and then to directories listed in XDG_CONFIG_DIRS and * then to directories listed in XDG_CONFIG_DIRS. */
* finally to the current working directory. */
/* $XDG_CONFIG_HOME */ /* $XDG_CONFIG_HOME */
if (config_dir) { if (config_dir) {
@ -111,10 +110,7 @@ open_config_file(struct weston_config *c, const char *name)
next++; next++;
} }
/* Current working directory. */ return -1;
snprintf(c->path, sizeof c->path, "./%s", name);
return open(c->path, O_RDONLY | O_CLOEXEC);
} }
static struct weston_config_entry * static struct weston_config_entry *

Loading…
Cancel
Save