author | Stef Walter <stef@thewalter.net> | 2013-07-17 11:57:02 +0200 |
---|---|---|
committer | Stef Walter <stef@thewalter.net> | 2013-07-18 08:45:57 +0200 |
commit | 936e4c229a4ed205e9981fc4f31acea063701b69 (patch) | |
tree | f6f9c7fcbee8a097e7b1abfad9c4bdd8552708cc /p11-kit/conf.c | |
parent | 81a6e16539e5e4a27c55194ae095cc4a75d08ade (diff) | |
download | p11-kit-936e4c229a4ed205e9981fc4f31acea063701b69.tar.gz |
Don't load configs from user directory when setuid
When running as setuid() or setgid() don't access the user's home
directory, or use $HOME environment variables.
https://bugzilla.redhat.com/show_bug.cgi?id=985014
Diffstat (limited to 'p11-kit/conf.c')
-rw-r--r-- | p11-kit/conf.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/p11-kit/conf.c b/p11-kit/conf.c index e699e66..d29d9ec 100644 --- a/p11-kit/conf.c +++ b/p11-kit/conf.c @@ -227,6 +227,11 @@ _p11_conf_load_globals (const char *system_conf, const char *user_conf, goto finished; } + if (mode != CONF_USER_NONE && getauxval (AT_SECURE)) { + p11_debug ("skipping user config in setuid or setgid program"); + mode = CONF_USER_NONE; + } + if (mode != CONF_USER_NONE) { path = p11_path_expand (user_conf); if (!path) { |
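Review bot: in the added `if (mode != CONF_USER_NONE && getauxval (AT_SECURE))` check, a return of 0 means either "not in secure mode" or "entry not found", so where AT_SECURE is unavailable the check fails open and the user config is still loaded. Consider a fallback for that case, such as comparing real and effective uid/gid. All five insertions are in this hunk, so conf.c gains no `#include <sys/auxv.h>`; confirm that the declaration, and a replacement for platforms without getauxval, comes from a header this file already includes. The commit message also covers $HOME, while this hunk only gates the `p11_path_expand (user_conf)` branch in `_p11_conf_load_globals`, so any other place that expands a user path needs the same guard.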