Commit ad0d83bd authored by Dima Ryazanov's avatar Dima Ryazanov
Browse files

Don't look for weston.ini in the current working directory



It's a bit surprising that Weston looks different when launched from the root
of the git repo vs from elsewhere.

But it's also technically a security vulnerability: if I launch it from
a directory like /tmp, it might pick up a weston.ini created by another user,
which could then load modules with arbitrary code. Basically, it's the same
problem as including "." in $PATH.
Signed-off-by: Dima Ryazanov's avatarDima Ryazanov <dima@gmail.com>
parent 61eb170b
...@@ -27,7 +27,6 @@ server is started: ...@@ -27,7 +27,6 @@ server is started:
.B "weston/weston.ini in each" .B "weston/weston.ini in each"
.BR "\ \ \ \ $XDG_CONFIG_DIR " "(if $XDG_CONFIG_DIRS is set)" .BR "\ \ \ \ $XDG_CONFIG_DIR " "(if $XDG_CONFIG_DIRS is set)"
.BR "/etc/xdg/weston/weston.ini " "(if $XDG_CONFIG_DIRS is not set)" .BR "/etc/xdg/weston/weston.ini " "(if $XDG_CONFIG_DIRS is not set)"
.BR "<current dir>/weston.ini " "(if no variables were set)"
.fi .fi
.RE .RE
.PP .PP
......
...@@ -261,14 +261,12 @@ See ...@@ -261,14 +261,12 @@ See
.SH FILES .SH FILES
. .
If the environment variable is set, the configuration file is read If the environment variable is set, the configuration file is read
from the respective path, or the current directory if neither is set. from the respective path.
.PP .PP
.BI $XDG_CONFIG_HOME /weston.ini .BI $XDG_CONFIG_HOME /weston.ini
.br .br
.BI $HOME /.config/weston.ini .BI $HOME /.config/weston.ini
.br .br
.I ./weston.ini
.br
. .
.\" *************************************************************** .\" ***************************************************************
.SH ENVIRONMENT .SH ENVIRONMENT
......
...@@ -75,8 +75,7 @@ open_config_file(struct weston_config *c, const char *name) ...@@ -75,8 +75,7 @@ open_config_file(struct weston_config *c, const char *name)
} }
/* Precedence is given to config files in the home directory, /* Precedence is given to config files in the home directory,
* and then to directories listed in XDG_CONFIG_DIRS and * then to directories listed in XDG_CONFIG_DIRS. */
* finally to the current working directory. */
/* $XDG_CONFIG_HOME */ /* $XDG_CONFIG_HOME */
if (config_dir) { if (config_dir) {
...@@ -111,10 +110,7 @@ open_config_file(struct weston_config *c, const char *name) ...@@ -111,10 +110,7 @@ open_config_file(struct weston_config *c, const char *name)
next++; next++;
} }
/* Current working directory. */ return -1;
snprintf(c->path, sizeof c->path, "./%s", name);
return open(c->path, O_RDONLY | O_CLOEXEC);
} }
static struct weston_config_entry * static struct weston_config_entry *
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment