From 936e4c229a4ed205e9981fc4f31acea063701b69 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 17 Jul 2013 11:57:02 +0200 Subject: Don't load configs from user directory when setuid When running as setuid() or setgid() don't access the user's home directory, or use $HOME environment variables. https://bugzilla.redhat.com/show_bug.cgi?id=985014 --- doc/manual/p11-kit-config.xml | 3 +++ doc/manual/pkcs11.conf.xml | 3 +++ 2 files changed, 6 insertions(+) (limited to 'doc') diff --git a/doc/manual/p11-kit-config.xml b/doc/manual/p11-kit-config.xml index 6d069dd..1df55b1 100644 --- a/doc/manual/p11-kit-config.xml +++ b/doc/manual/p11-kit-config.xml @@ -87,5 +87,8 @@ critical: yes See the manual page for more details on the format and available options. + + Note that user configuration files are not loaded from the home + directory if running inside a setuid or setgid program. diff --git a/doc/manual/pkcs11.conf.xml b/doc/manual/pkcs11.conf.xml index 1ff2562..cda02ee 100644 --- a/doc/manual/pkcs11.conf.xml +++ b/doc/manual/pkcs11.conf.xml @@ -241,6 +241,9 @@ x-custom : text file per module. In addition the ~/.pkcs11/modules directory can be used for modules installed by the user. + Note that user configuration files are not loaded from the home + directory if running inside a setuid or setgid program. + The default system config file and module directory can be changed when building p11-kit. Always lookup these paths using -- cgit v1.1
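Review bot: In the doc/manual/p11-kit-config.xml hunk, the added note mentions only configuration files in the home directory, while the commit message also says $HOME is not used when running setuid or setgid. The note should cover the environment variable as well. It should also state which configuration still applies in that case, so a reader does not have to infer the behaviour of a privileged program from what is omitted.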
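Review bot: In the doc/manual/pkcs11.conf.xml hunk, the added sentence directly follows the line about the ~/.pkcs11/modules directory but speaks only of "user configuration files", which leaves it unclear whether per-user module configs in that directory are skipped too. Suggest naming the directory explicitly in the note, for example "user configuration files and the ~/.pkcs11/modules directory are not loaded if running inside a setuid or setgid program". The same sentence is duplicated in both files, so any rewording should be applied to both.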