From 2efd4458f4db7f489ecc81f4039b8e8103edf9d9 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Tue, 16 Feb 2021 17:24:31 +0100
Subject: Don't load configuration files from ./ by default.

This is a breaking change: lacme(8) resp. lacme-accountd(1) no longer
consider ./lacme.conf resp. ./lacme-accountd.conf as default location
for the configuration file.  Doing so has security implications when
running these program from insecure directories.
---
 lacme-accountd | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'lacme-accountd')

diff --git a/lacme-accountd b/lacme-accountd
index d05fb9c..36e9d9f 100755
--- a/lacme-accountd
+++ b/lacme-accountd
@@ -65,8 +65,7 @@ usage(0) if $OPTS{help};
 
 do {
     my $conffile = $OPTS{config} // first { -f $_ }
-        ( "./$NAME.conf"
-        , ($ENV{XDG_CONFIG_HOME} // "$ENV{HOME}/.config")."/lacme/$NAME.conf"
+        ( ($ENV{XDG_CONFIG_HOME} // "$ENV{HOME}/.config") . "/lacme/$NAME.conf"
         , "@@sysconfdir@@/lacme/$NAME.conf"
         );
     die "Error: Can't find configuration file\n" unless defined $conffile;
-- 
cgit v1.2.3