[PATCH] Don't look for weston.ini in the current working directory

Pekka Paalanen ppaalanen at gmail.com
Thu Nov 15 08:13:58 UTC 2018


On Wed, 14 Nov 2018 23:02:12 -0800
Dima Ryazanov <dima at gmail.com> wrote:

> It's a bit surprising that Weston looks different when launched from the root
> of the git repo vs from elsewhere.
> 
> But it's also technically a security vulnerability: if I launch it from
> a directory like /tmp, it might pick up a weston.ini created by another user,
> which could then load modules with arbitrary code. Basically, it's the same
> problem as including "." in $PATH.
> 
> Signed-off-by: Dima Ryazanov <dima at gmail.com>

Hi Dima,

I agree with this change:

Acked-by: Pekka Paalanen <pekka.paalanen at collabora.com>


Weston patch submission has moved into Gitlab merge requests though.
Could you re-send as Gitlab MRs, please?

The contribution guide should have everything you need to know. Don't
forget to update Patchwork status if you re-send in Gitlab.

The mailing list submissions and patches still open in Patchwork are
not intended to be discarded, but it seems most people have moved
completely to Gitlab review process, so picking up Weston patches from
Patchwork has been even slower than before.


Thanks,
pq

> ---
>  man/weston.ini.man     | 1 -
>  man/weston.man         | 4 +---
>  shared/config-parser.c | 8 ++------
>  3 files changed, 3 insertions(+), 10 deletions(-)
> 
> diff --git a/man/weston.ini.man b/man/weston.ini.man
> index c12e0505..2171b960 100644
> --- a/man/weston.ini.man
> +++ b/man/weston.ini.man
> @@ -27,7 +27,6 @@ server is started:
>  .B  "weston/weston.ini in each"
>  .BR "\ \ \ \ $XDG_CONFIG_DIR           " "(if $XDG_CONFIG_DIRS is set)"
>  .BR "/etc/xdg/weston/weston.ini    " "(if $XDG_CONFIG_DIRS is not set)"
> -.BR "<current dir>/weston.ini      " "(if no variables were set)"
>  .fi
>  .RE
>  .PP
> diff --git a/man/weston.man b/man/weston.man
> index c09d4c2d..c1aa6476 100644
> --- a/man/weston.man
> +++ b/man/weston.man
> @@ -261,14 +261,12 @@ See
>  .SH FILES
>  .
>  If the environment variable is set, the configuration file is read
> -from the respective path, or the current directory if neither is set.
> +from the respective path.
>  .PP
>  .BI $XDG_CONFIG_HOME /weston.ini
>  .br
>  .BI $HOME /.config/weston.ini
>  .br
> -.I ./weston.ini
> -.br
>  .
>  .\" ***************************************************************
>  .SH ENVIRONMENT
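
Review bot: In the FILES section of weston.man, the list left after this hunk names only $XDG_CONFIG_HOME/weston.ini and $HOME/.config/weston.ini, while weston.ini.man and the comment in open_config_file() both still include the $XDG_CONFIG_DIRS directories in the search order. Since this paragraph is being reworded anyway, consider listing those paths here too, and rephrasing "If the environment variable is set, the configuration file is read from the respective path." so it names the variables it refers to.
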
> diff --git a/shared/config-parser.c b/shared/config-parser.c
> index ae5f8035..7b1402d2 100644
> --- a/shared/config-parser.c
> +++ b/shared/config-parser.c
> @@ -75,8 +75,7 @@ open_config_file(struct weston_config *c, const char *name)
>  	}
>  
>  	/* Precedence is given to config files in the home directory,
> -	 * and then to directories listed in XDG_CONFIG_DIRS and
> -	 * finally to the current working directory. */
> +	 * then to directories listed in XDG_CONFIG_DIRS. */
>  
>  	/* $XDG_CONFIG_HOME */
>  	if (config_dir) {
> @@ -111,10 +110,7 @@ open_config_file(struct weston_config *c, const char *name)
>  			next++;
>  	}
>  
> -	/* Current working directory. */
> -	snprintf(c->path, sizeof c->path, "./%s", name);
> -
> -	return open(c->path, O_RDONLY | O_CLOEXEC);
> +	return -1;
>  }
>  
>  static struct weston_config_entry *
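
Review bot: At the end of open_config_file(), the new bare `return -1;` replaces the last place where c->path was filled in before returning, so on failure c->path is now left with whatever the earlier lookups wrote into it. Please check that callers treat -1 as "no config file found" and do not report or reuse c->path in that case; clearing it before the return, for example with `c->path[0] = '\0';`, would make that explicit.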
