- When supervisord starts up as root, if the ``-c`` flag was not provided, a
warning is now emitted to the console. Rationale: supervisord looks in the
current working directory for a ``supervisord.conf`` file; someone might
trick the root user into starting supervisord while cd'ed into a directory
that has a rogue ``supervisord.conf``.

- A warning was added to the documentation about the security implications of
starting supervisord without the ``-c`` flag.

Chris McDonough 13 years ago
parent
commit
16eb90929d
3 changed files with 32 additions and 0 deletions
  1. CHANGES.txt (9 additions, 0 deletions)
  2. docs/running.rst (11 additions, 0 deletions)
  3. supervisor/options.py (12 additions, 0 deletions)
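
An added example, not part of this commit or of supervisor's own code: an audit of launch commands (as found in init scripts or unit files) that flags supervisord invocations relying on the default configuration search or on a relative ``-c`` path. The sample commands are constructed and the function names are hypothetical; only the ``-c FILE``, ``-cFILE`` and ``--configuration`` forms are parsed, so clustered short options are reported conservatively as missing.

```python
import posixpath
import shlex

# Constructed sample launch commands, not taken from any real system.
SAMPLE_COMMANDS = [
    "/usr/bin/supervisord",
    "/usr/bin/supervisord -n -c /etc/supervisord.conf",
    "supervisord -c supervisord.conf",
    "/usr/bin/supervisord --configuration=/etc/supervisor/supervisord.conf",
    "supervisord -cconf/supervisord.conf -n",
]


def config_argument(argv):
    """Return the value given via -c / --configuration, or None if absent."""
    args = argv[1:]
    for i, arg in enumerate(args):
        if arg in ("-c", "--configuration"):
            return args[i + 1] if i + 1 < len(args) else None
        if arg.startswith("--configuration="):
            return arg.split("=", 1)[1]
        if arg.startswith("-c") and not arg.startswith("--"):
            return arg[2:]  # glued short form: -cFILE
    return None


def classify(command):
    """Classify one launch command as 'missing', 'relative' or 'absolute'."""
    value = config_argument(shlex.split(command))
    if not value:
        return "missing"   # default search applies, including the cwd
    if not posixpath.isabs(value):
        return "relative"  # still resolved against the cwd
    return "absolute"


def audit(commands):
    """Return (command, verdict) pairs for commands not pinned to a path."""
    verdicts = [(command, classify(command)) for command in commands]
    return [(c, v) for c, v in verdicts if v != "absolute"]


if __name__ == "__main__":
    for command, verdict in audit(SAMPLE_COMMANDS):
        print(f"{verdict:9} {command}")
```
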

+ 9 - 0
CHANGES.txt

@@ -1,6 +1,15 @@
 Next release
 ------------
 
+- When supervisord starts up as root, if the ``-c`` flag was not provided, a
+  warning is now emitted to the console.  Rationale: supervisord looks in the
+  current working directory for a ``supervisord.conf`` file; someone might
+  trick the root user into starting supervisord while cd'ed into a directory
+  that has a rogue ``supervisord.conf``.
+
+- A warning was added to the documentation about the security implications of
+  starting supervisord without the ``-c`` flag.
+
 - Add a boolean program option ``stopasgroup``, defaulting to false.
   When true, the flag causes supervisor to send the stop signal to the
   whole process group.  This is useful for programs, such as Flask in debug
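
Review bot: The first new entry says when the warning fires ("if the ``-c`` flag was not provided") but not what the operator should do about it. Consider adding that passing ``-c`` with an absolute path to the configuration file is the recommended fix, matching the wording added to docs/running.rst, so that the changelog entry is actionable on its own.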

+ 11 - 0
docs/running.rst

@@ -48,6 +48,17 @@ You may start the :command:`supervisord` executable in the foreground
 by passing the ``-n`` flag on its command line.  This is useful to
 debug startup problems.
 
+.. warning::
+
+   When :program:`supervisord` starts up, it will search for its
+   configuration file in default locations *including the current working
+   directory*.  If you are security-conscious you will probably want to
+   specify a "-c" argument after the :program:`supervisord` command
+   specifying an absolute path to a configuration file to ensure that someone
+   doesn't trick you into running supervisor from within a directory that
+   contains a rogue ``supervisord.conf`` file.  A warning is emitted when
+   supervisor is started as root without this ``-c`` argument.
+
 To change the set of programs controlled by :program:`supervisord`,
 edit the :file:`supervisord.conf` file and ``kill -HUP`` or otherwise
 restart the :program:`supervisord` process.  This file has several
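
Review bot: The new warning block writes the flag as "-c" in plain quotes where it first mentions it, but as ``-c`` in its last sentence, and the surrounding text uses ``-n``; use the ``-c`` literal in both places. The phrase "default locations" is also left undefined here, so a reader cannot tell which paths besides the current working directory are searched; listing them or linking to where they are documented would make the warning easier to act on.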

+ 12 - 0
supervisor/options.py

@@ -16,6 +16,7 @@ import pkg_resources
 import select
 import glob
 import platform
+import warnings
 
 from fcntl import fcntl
 from fcntl import F_SETFL, F_GETFL
@@ -64,6 +65,7 @@ class Options:
     stderr = sys.stderr
     stdout = sys.stdout
     exit = sys.exit
+    warnings = warnings
 
     uid = gid = None
 
@@ -279,6 +281,16 @@ class Options:
                     self._set(name, value, 1)
 
         if self.configfile is None:
+            if os.getuid() == 0: # pragma: no cover
+                self.warnings.warn(
+                    'Supervisord is running as root and it is searching '
+                    'for its configuration file in default locations '
+                    '(including its current working directory); you '
+                    'probably want to specify a "-c" argument specifying an '
+                    'absolute path to a configuration file for improved '
+                    'security.'
+                    )
+
             self.configfile = self.default_configfile()
 
         self.process_config_file()
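
Review bot: The new branch sits under `if self.configfile is None:`, so it only fires when -c is omitted; a relative value such as `-c supervisord.conf` is still resolved against the current working directory and produces no warning, although the message itself asks for an absolute path. Consider also warning when the supplied path is not absolute (os.path.isabs). Separately, `# pragma: no cover` leaves this branch untested even though the `warnings = warnings` class attribute added in the previous hunk makes the call stubbable; a test that patches os.getuid could assert the warning and let the pragma be dropped. The check also uses os.getuid(), the real uid; os.geteuid() would cover a process whose effective uid is root as well.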