Don't load configs from user directory when setuid

When running as setuid() or setgid() don't access the user's home
directory, or use $HOME environment variables.

https://bugzilla.redhat.com/show_bug.cgi?id=985014

2 files changed, 6 insertions, 0 deletions

diff --git a/doc/manual/p11-kit-config.xml b/doc/manual/p11-kit-config.xml
index 6d069dd..1df55b1 100644
--- a/doc/manual/p11-kit-config.xml
+++ b/doc/manual/p11-kit-config.xml
@@ -87,5 +87,8 @@ critical: yes
 
 	<para><link linkend="pkcs11.conf">See the manual page</link> for more details
 	on the format and available options.</para>
+
+	<para>Note that user configuration files are not loaded from the home
+	directory if running inside a setuid or setgid program.</para>
 </section>
 </chapter>
diff --git a/doc/manual/pkcs11.conf.xml b/doc/manual/pkcs11.conf.xml
index 1ff2562..cda02ee 100644
--- a/doc/manual/pkcs11.conf.xml
+++ b/doc/manual/pkcs11.conf.xml
@@ -241,6 +241,9 @@ x-custom : text
 	file per module. In addition the <literal>~/.pkcs11/modules</literal> directory
 	can be used for modules installed by the user.</para>
 
+	<para>Note that user configuration files are not loaded from the home
+	directory if running inside a setuid or setgid program.</para>
+
 	<para>The default system config file and module directory can be changed
 	when building p11-kit. Always
 	<link linkend="devel-paths">lookup these paths</link> using