From 1f298b313161cc77d73c9331b650cfc0aa3a74c2 Mon Sep 17 00:00:00 2001
From: nicm <nicm@openbsd.org>
Date: Fri, 24 Apr 2015 17:34:57 +0000
Subject: [PATCH] Do not attempt to use ~/.magic if running as root (or
 issetugid()).

---
 usr.bin/file/file.1 |  6 ++++--
 usr.bin/file/file.c | 36 +++++++++++++++++++-----------------
 2 files changed, 23 insertions(+), 19 deletions(-)

diff --git a/usr.bin/file/file.1 b/usr.bin/file/file.1
index be305b2be69..1473e2887b4 100644
--- a/usr.bin/file/file.1
+++ b/usr.bin/file/file.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: file.1,v 1.36 2015/04/24 16:24:11 nicm Exp $
+.\" $OpenBSD: file.1,v 1.37 2015/04/24 17:34:57 nicm Exp $
 .\" $FreeBSD: src/usr.bin/file/file.1,v 1.16 2000/03/01 12:19:39 sheldonh Exp $
 .\"
 .\" Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -56,7 +56,9 @@ These are loaded from the
 .Pa /etc/magic
 file (or
 .Pa ~/.magic
-instead if it exists).
+instead if it exists and
+.Nm
+is not running as root).
 The file format is described in
 .Xr magic 5 .
 .It
diff --git a/usr.bin/file/file.c b/usr.bin/file/file.c
index eaf2072f7ad..02f5f24296d 100644
--- a/usr.bin/file/file.c
+++ b/usr.bin/file/file.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: file.c,v 1.31 2015/04/24 17:10:50 nicm Exp $ */
+/* $OpenBSD: file.c,v 1.32 2015/04/24 17:34:57 nicm Exp $ */
 
 /*
  * Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
@@ -137,23 +137,25 @@ main(int argc, char **argv)
 	} else if (argc == 0)
 		usage();
 
-	home = getenv("HOME");
-	if (home == NULL || *home == '\0') {
-		pw = getpwuid(getuid());
-		if (pw != NULL)
-			home = pw->pw_dir;
-		else
-			home = NULL;
+	f = NULL;
+	if (geteuid() != 0 && !issetugid()) {
+		home = getenv("HOME");
+		if (home == NULL || *home == '\0') {
+			pw = getpwuid(getuid());
+			if (pw != NULL)
+				home = pw->pw_dir;
+			else
+				home = NULL;
+		}
+		if (home != NULL) {
+			xasprintf(&path, "%s/.magic", home);
+			f = fopen(path, "r");
+			if (f == NULL && errno != ENOENT)
+				err(1, "%s", path);
+			if (f == NULL)
+				free(path);
+		}
 	}
-	if (home != NULL) {
-		xasprintf(&path, "%s/.magic", home);
-		f = fopen(path, "r");
-		if (f == NULL && errno != ENOENT)
-			err(1, "%s", path);
-		if (f == NULL)
-			free(path);
-	} else
-		f = NULL;
 	if (f == NULL) {
 		path = xstrdup("/etc/magic");
 		f = fopen(path, "r");
-- 
2.20.1