Permalink
Browse files

Fix config file search warning if executable name is changed. Closes #…

  • Loading branch information...
mnaberez committed Oct 10, 2017
1 parent cd5fb62 commit 906f0795815136d195dcf7cac7d39bc8f4c0215a
Showing with 16 additions and 11 deletions.
  1. +4 −0 CHANGES.txt
  2. +12 −11 supervisor/options.py
View
@@ -35,6 +35,10 @@
- The HTTP server now returns a Content-Type header specifying UTF-8 encoding.
This may fix display issues in some browsers. Patch by Katenkka.
- Fixed a bug where the warning ``Supervisord is running as root and it is
searching for its config file`` may have been incorrectly shown by
``supervisorctl`` if its executable name was changed.
3.3.3 (2017-07-24)
------------------
- Fixed CVE-2017-11610. A vulnerability was found where an authenticated
View
@@ -303,17 +303,6 @@ def realize(self, args=None, doc=None, progname=None):
self._set(name, value, 1)
if self.configfile is None:
uid = os.getuid()
if uid == 0 and "supervisord" in self.progname: # pragma: no cover
self.warnings.warn(
'Supervisord is running as root and it is searching '
'for its configuration file in default locations '
'(including its current working directory); you '
'probably want to specify a "-c" argument specifying an '
'absolute path to a configuration file for improved '
'security.'
)
self.configfile = self.default_configfile()
self.process_config()
@@ -476,6 +465,18 @@ def version(self, dummy):
def getLogger(self, *args, **kwargs):
return loggers.getLogger(*args, **kwargs)
def default_configfile(self):
if os.getuid() == 0:
self.warnings.warn(
'Supervisord is running as root and it is searching '
'for its configuration file in default locations '
'(including its current working directory); you '
'probably want to specify a "-c" argument specifying an '
'absolute path to a configuration file for improved '
'security.'
)
return Options.default_configfile(self)
def realize(self, *arg, **kw):
Options.realize(self, *arg, **kw)
section = self.configroot.supervisord

0 comments on commit 906f079

Please sign in to comment.