authorStef Walter <stef@thewalter.net>2013-07-17 11:57:02 +0200
committerStef Walter <stef@thewalter.net>2013-07-18 08:45:57 +0200
commit936e4c229a4ed205e9981fc4f31acea063701b69 (patch)
treef6f9c7fcbee8a097e7b1abfad9c4bdd8552708cc /p11-kit/conf.c
parent81a6e16539e5e4a27c55194ae095cc4a75d08ade (diff)
Don't load configs from user directory when setuid
When running as setuid() or setgid() don't access the user's home directory, or use $HOME environment variables. https://bugzilla.redhat.com/show_bug.cgi?id=985014
Diffstat (limited to 'p11-kit/conf.c')
-rw-r--r--p11-kit/conf.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/p11-kit/conf.c b/p11-kit/conf.c
index e699e66..d29d9ec 100644
--- a/p11-kit/conf.c
+++ b/p11-kit/conf.c
@@ -227,6 +227,11 @@ _p11_conf_load_globals (const char *system_conf, const char *user_conf,
goto finished;
}
+ if (mode != CONF_USER_NONE && getauxval (AT_SECURE)) {
+ p11_debug ("skipping user config in setuid or setgid program");
+ mode = CONF_USER_NONE;
+ }
+
if (mode != CONF_USER_NONE) {
path = p11_path_expand (user_conf);
if (!path) {
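Review bot: The `getauxval (AT_SECURE)` test on the first added line fails open, because getauxval returns 0 both when the process is not in secure-execution mode and when the entry cannot be looked up. On a libc or platform without working support for it, a setuid or setgid program would therefore still read the user config. The diffstat shows all five insertions in conf.c are in this hunk, so the file gains no `#include <sys/auxv.h>` and no fallback here; presumably a compat definition exists elsewhere in the commit, which this page (limited to conf.c) does not show, and it is worth confirming that such a fallback compares real and effective uid/gid rather than returning 0. A one-line comment above the check would also help the next reader, e.g. `/* AT_SECURE is set by the kernel for setuid/setgid execs: never read user-controlled paths in that case */`. The enclosing `_p11_conf_load_globals` starts and ends outside the hunk.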