Commit ad0d83bd authored by Dima Ryazanov's avatar Dima Ryazanov
Browse files

Don't look for weston.ini in the current working directory

It's a bit surprising that Weston looks different when launched from the root
of the git repo vs from elsewhere.

But it's also technically a security vulnerability: if I launch it from
a directory like /tmp, it might pick up a weston.ini created by another user,
which could then load modules with arbitrary code. Basically, it's the same
problem as including "." in $PATH.
Signed-off-by: Dima Ryazanov's avatarDima Ryazanov <>
parent 61eb170b
......@@ -27,7 +27,6 @@ server is started:
.B "weston/weston.ini in each"
.BR "\ \ \ \ $XDG_CONFIG_DIR " "(if $XDG_CONFIG_DIRS is set)"
.BR "/etc/xdg/weston/weston.ini " "(if $XDG_CONFIG_DIRS is not set)"
.BR "<current dir>/weston.ini " "(if no variables were set)"
......@@ -261,14 +261,12 @@ See
If the environment variable is set, the configuration file is read
from the respective path, or the current directory if neither is set.
from the respective path.
.BI $XDG_CONFIG_HOME /weston.ini
.BI $HOME /.config/weston.ini
.I ./weston.ini
.\" ***************************************************************
......@@ -75,8 +75,7 @@ open_config_file(struct weston_config *c, const char *name)
/* Precedence is given to config files in the home directory,
* and then to directories listed in XDG_CONFIG_DIRS and
* finally to the current working directory. */
* then to directories listed in XDG_CONFIG_DIRS. */
if (config_dir) {
......@@ -111,10 +110,7 @@ open_config_file(struct weston_config *c, const char *name)
/* Current working directory. */
snprintf(c->path, sizeof c->path, "./%s", name);
return open(c->path, O_RDONLY | O_CLOEXEC);
return -1;
static struct weston_config_entry *
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment