[PATCH] Don't look for weston.ini in the current working directory
Dima Ryazanov
dima at gmail.com
Thu Nov 15 21:36:14 UTC 2018
Done! I somehow missed the move to Gitlab.
On Thu, Nov 15, 2018 at 12:14 AM Pekka Paalanen <ppaalanen at gmail.com> wrote:
> On Wed, 14 Nov 2018 23:02:12 -0800
> Dima Ryazanov <dima at gmail.com> wrote:
>
> > It's a bit surprising that Weston looks different when launched from the
> root
> > of the git repo vs from elsewhere.
> >
> > But it's also technically a security vulnerability: if I launch it from
> > a directory like /tmp, it might pick up a weston.ini created by another
> user,
> > which could then load modules with arbitrary code. Basically, it's the
> same
> > problem as including "." in $PATH.
> >
> > Signed-off-by: Dima Ryazanov <dima at gmail.com>
>
> Hi Dima,
>
> I agree with this change:
>
> Acked-by: Pekka Paalanen <pekka.paalanen at collabora.com>
>
>
> Weston patch submission has moved into Gitlab merge requests though.
> Could you re-send as Gitlab MRs, please?
>
> The contribution guide should have everything you need to know. Don't
> forget to update Patchwork status if you re-send in Gitlab.
>
> The mailing list submissions and patches still open in Patchwork are
> not intended to be discarded, but it seems most people have moved
> completely to Gitlab review process, so picking up Weston patches from
> Patchwork has been even slower than before.
>
>
> Thanks,
> pq
>
> > ---
> > man/weston.ini.man | 1 -
> > man/weston.man | 4 +---
> > shared/config-parser.c | 8 ++------
> > 3 files changed, 3 insertions(+), 10 deletions(-)
> >
> > diff --git a/man/weston.ini.man b/man/weston.ini.man
> > index c12e0505..2171b960 100644
> > --- a/man/weston.ini.man
> > +++ b/man/weston.ini.man
> > @@ -27,7 +27,6 @@ server is started:
> > .B "weston/weston.ini in each"
> > .BR "\ \ \ \ $XDG_CONFIG_DIR " "(if $XDG_CONFIG_DIRS is set)"
> > .BR "/etc/xdg/weston/weston.ini " "(if $XDG_CONFIG_DIRS is not set)"
> > -.BR "<current dir>/weston.ini " "(if no variables were set)"
> > .fi
> > .RE
> > .PP
> > diff --git a/man/weston.man b/man/weston.man
> > index c09d4c2d..c1aa6476 100644
> > --- a/man/weston.man
> > +++ b/man/weston.man
> > @@ -261,14 +261,12 @@ See
> > .SH FILES
> > .
> > If the environment variable is set, the configuration file is read
> > -from the respective path, or the current directory if neither is set.
> > +from the respective path.
> > .PP
> > .BI $XDG_CONFIG_HOME /weston.ini
> > .br
> > .BI $HOME /.config/weston.ini
> > .br
> > -.I ./weston.ini
> > -.br
> > .
> > .\" ***************************************************************
> > .SH ENVIRONMENT
> > diff --git a/shared/config-parser.c b/shared/config-parser.c
> > index ae5f8035..7b1402d2 100644
> > --- a/shared/config-parser.c
> > +++ b/shared/config-parser.c
> > @@ -75,8 +75,7 @@ open_config_file(struct weston_config *c, const char
> *name)
> > }
> >
> > /* Precedence is given to config files in the home directory,
> > - * and then to directories listed in XDG_CONFIG_DIRS and
> > - * finally to the current working directory. */
> > + * then to directories listed in XDG_CONFIG_DIRS. */
> >
> > /* $XDG_CONFIG_HOME */
> > if (config_dir) {
> > @@ -111,10 +110,7 @@ open_config_file(struct weston_config *c, const
> char *name)
> > next++;
> > }
> >
> > - /* Current working directory. */
> > - snprintf(c->path, sizeof c->path, "./%s", name);
> > -
> > - return open(c->path, O_RDONLY | O_CLOEXEC);
> > + return -1;
> > }
> >
> > static struct weston_config_entry *
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/wayland-devel/attachments/20181115/45cec368/attachment-0001.html>
More information about the wayland-devel
mailing list