On Wed, 14 Nov 2018 23:02:12 -0800 Dima Ryazanov <[email protected]> wrote:
> It's a bit surprising that Weston looks different when launched from the root > of the git repo vs from elsewhere. > > But it's also technically a security vulnerability: if I launch it from > a directory like /tmp, it might pick up a weston.ini created by another user, > which could then load modules with arbitrary code. Basically, it's the same > problem as including "." in $PATH. > > Signed-off-by: Dima Ryazanov <[email protected]> Hi Dima, I agree with this change: Acked-by: Pekka Paalanen <[email protected]> Weston patch submission has moved into Gitlab merge requests though. Could you re-send as Gitlab MRs, please? The contribution guide should have everything you need to know. Don't forget to update Patchwork status if you re-send in Gitlab. The mailing list submissions and patches still open in Patchwork are not intended to be discarded, but it seems most people have moved completely to Gitlab review process, so picking up Weston patches from Patchwork has been even slower than before. Thanks, pq > --- > man/weston.ini.man | 1 - > man/weston.man | 4 +--- > shared/config-parser.c | 8 ++------ > 3 files changed, 3 insertions(+), 10 deletions(-) > > diff --git a/man/weston.ini.man b/man/weston.ini.man > index c12e0505..2171b960 100644 > --- a/man/weston.ini.man > +++ b/man/weston.ini.man > @@ -27,7 +27,6 @@ server is started: > .B "weston/weston.ini in each" > .BR "\ \ \ \ $XDG_CONFIG_DIR " "(if $XDG_CONFIG_DIRS is set)" > .BR "/etc/xdg/weston/weston.ini " "(if $XDG_CONFIG_DIRS is not set)" > -.BR "<current dir>/weston.ini " "(if no variables were set)" > .fi > .RE > .PP > diff --git a/man/weston.man b/man/weston.man > index c09d4c2d..c1aa6476 100644 > --- a/man/weston.man > +++ b/man/weston.man > @@ -261,14 +261,12 @@ See > .SH FILES > . > If the environment variable is set, the configuration file is read > -from the respective path, or the current directory if neither is set. > +from the respective path. > .PP > .BI $XDG_CONFIG_HOME /weston.ini > .br > .BI $HOME /.config/weston.ini > .br > -.I ./weston.ini > -.br > . > .\" *************************************************************** > .SH ENVIRONMENT > diff --git a/shared/config-parser.c b/shared/config-parser.c > index ae5f8035..7b1402d2 100644 > --- a/shared/config-parser.c > +++ b/shared/config-parser.c > @@ -75,8 +75,7 @@ open_config_file(struct weston_config *c, const char *name) > } > > /* Precedence is given to config files in the home directory, > - * and then to directories listed in XDG_CONFIG_DIRS and > - * finally to the current working directory. */ > + * then to directories listed in XDG_CONFIG_DIRS. */ > > /* $XDG_CONFIG_HOME */ > if (config_dir) { > @@ -111,10 +110,7 @@ open_config_file(struct weston_config *c, const char > *name) > next++; > } > > - /* Current working directory. */ > - snprintf(c->path, sizeof c->path, "./%s", name); > - > - return open(c->path, O_RDONLY | O_CLOEXEC); > + return -1; > } > > static struct weston_config_entry *
pgpPPGr0fLRJm.pgp
Description: OpenPGP digital signature
_______________________________________________ wayland-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/wayland-devel
