From 68ce31aae9a22d18b28f4aa44b3e1006b7fe3aa7 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Fri, 17 May 2019 13:49:34 +0200
Subject: conf: Ignore user configuration if the program is running as root

Suggested by Bastien Nocera:
https://bugzilla.redhat.com/show_bug.cgi?id=1688583
---
 p11-kit/conf.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/p11-kit/conf.c b/p11-kit/conf.c
index 3ec1c36..861231e 100644
--- a/p11-kit/conf.c
+++ b/p11-kit/conf.c
@@ -232,8 +232,10 @@ _p11_conf_load_globals (const char *system_conf, const char *user_conf,
 		if (getauxval (AT_SECURE)) {
 			p11_debug ("skipping user config in setuid or setgid program");
 			mode = CONF_USER_NONE;
+		} else if (getuid () == 0) {
+			p11_debug ("skipping user config in program running as root");
+			mode = CONF_USER_NONE;
 		} else if (secure_getenv ("P11_KIT_NO_USER_CONFIG")) {
-			/* This one should be used in RPM %post and equivalent */
 			p11_debug ("skipping user config due to P11_NO_USER_CONFIG");
 			mode = CONF_USER_NONE;
 		}
-- 
cgit v1.1